Ubuntu alert USN-8127-1 (imagemagick)
| From: | noreply+usn-bot@canonical.com | |
| To: | ubuntu-security-announce@lists.ubuntu.com | |
| Subject: | [USN-8127-1] ImageMagick vulnerabilities | |
| Date: | Tue, 31 Mar 2026 07:55:54 +0000 | |
| Message-ID: | <E1w7Tx4-0001gn-Au@lists.ubuntu.com> |
========================================================================== Ubuntu Security Notice USN-8127-1 March 30, 2026 imagemagick vulnerabilities ========================================================================== A security issue affects these releases of Ubuntu and its derivatives: - Ubuntu 24.04 LTS - Ubuntu 22.04 LTS - Ubuntu 20.04 LTS - Ubuntu 18.04 LTS - Ubuntu 16.04 LTS - Ubuntu 14.04 LTS Summary: Several security issues were fixed in ImageMagick. Software Description: - imagemagick: Image manipulation programs and library Details: It was discovered that ImageMagick did not properly process certain tags prior to an image being loaded. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. (CVE-2026-23952) It was discovered that ImageMagick did not properly handle temporary file creation failures. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. (CVE-2026-25795) It was discovered that ImageMagick did not properly manage memory under certain conditions. An attacker could possibly use this issue to cause ImageMagick to consume resources, resulting in a denial of service. (CVE-2026-25796) It was discovered that ImageMagick incorrectly handled certain specially crafted image files. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. (CVE-2026-25798) It was discovered that ImageMagick did not properly validate certain YUV sampling factors. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. (CVE-2026-25799) It was discovered that ImageMagick incorrectly handled certain specially crafted image files. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. This issue only affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu 24.04 LTS. (CVE-2026-25970) It was discovered that ImageMagick incorrectly managed memory when handling certain specially crafted image files. An attacker could possibly use this issue to cause ImageMagick to consume resources, resulting in a denial of service. (CVE-2026-25988) It was discovered that ImageMagick incorrectly handled certain crafted image profiles. An attacker could possibly use this issue to cause ImageMagick to consume available resources, resulting in a denial of service. (CVE-2026-26066) It was discovered that ImageMagick incorrectly handled large image profiles when encoding PNG images. An attacker could use this issue to cause ImageMagick to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2026-30883) Kamil Frankowicz discovered that ImageMagick incorrectly handled certain XML data. An attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. (CVE-2026-32636) Update instructions: The problem can be corrected by updating your system to the following package versions: Ubuntu 24.04 LTS imagemagick-6.q16 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8 Available with Ubuntu Pro imagemagick-6.q16hdri 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8 Available with Ubuntu Pro libimage-magick-q16-perl 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8 Available with Ubuntu Pro libimage-magick-q16hdri-perl 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8 Available with Ubuntu Pro libmagick++-6.q16-9t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8 Available with Ubuntu Pro libmagick++-6.q16hdri-9t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8 Available with Ubuntu Pro libmagickcore-6-headers 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8 Available with Ubuntu Pro libmagickcore-6.q16-7-extra 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8 Available with Ubuntu Pro libmagickcore-6.q16-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8 Available with Ubuntu Pro libmagickcore-6.q16hdri-7-extra 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8 Available with Ubuntu Pro libmagickcore-6.q16hdri-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8 Available with Ubuntu Pro libmagickwand-6.q16-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8 Available with Ubuntu Pro libmagickwand-6.q16hdri-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8 Available with Ubuntu Pro Ubuntu 22.04 LTS imagemagick-6.q16 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9 Available with Ubuntu Pro imagemagick-6.q16hdri 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9 Available with Ubuntu Pro libimage-magick-q16-perl 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9 Available with Ubuntu Pro libimage-magick-q16hdri-perl 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9 Available with Ubuntu Pro libmagick++-6.q16-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9 Available with Ubuntu Pro libmagick++-6.q16hdri-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9 Available with Ubuntu Pro libmagickcore-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9 Available with Ubuntu Pro libmagickcore-6.q16-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9 Available with Ubuntu Pro libmagickcore-6.q16hdri-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9 Available with Ubuntu Pro libmagickcore-6.q16hdri-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9 Available with Ubuntu Pro libmagickwand-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9 Available with Ubuntu Pro libmagickwand-6.q16hdri-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9 Available with Ubuntu Pro Ubuntu 20.04 LTS libimage-magick-q16-perl 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm9 Available with Ubuntu Pro libimage-magick-q16hdri-perl 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm9 Available with Ubuntu Pro libmagickcore-6.q16-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm9 Available with Ubuntu Pro libmagickcore-6.q16-6-extra 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm9 Available with Ubuntu Pro libmagickcore-6.q16hdri-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm9 Available with Ubuntu Pro libmagickcore-6.q16hdri-6-extra 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm9 Available with Ubuntu Pro Ubuntu 18.04 LTS imagemagick-6.q16 8:6.9.7.4+dfsg-16ubuntu6.15+esm11 Available with Ubuntu Pro imagemagick-6.q16hdri 8:6.9.7.4+dfsg-16ubuntu6.15+esm11 Available with Ubuntu Pro libimage-magick-q16-perl 8:6.9.7.4+dfsg-16ubuntu6.15+esm11 Available with Ubuntu Pro libimage-magick-q16hdri-perl 8:6.9.7.4+dfsg-16ubuntu6.15+esm11 Available with Ubuntu Pro libmagick++-6.q16-7 8:6.9.7.4+dfsg-16ubuntu6.15+esm11 Available with Ubuntu Pro libmagick++-6.q16hdri-7 8:6.9.7.4+dfsg-16ubuntu6.15+esm11 Available with Ubuntu Pro libmagickcore-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm11 Available with Ubuntu Pro libmagickcore-6.q16-3-extra 8:6.9.7.4+dfsg-16ubuntu6.15+esm11 Available with Ubuntu Pro libmagickcore-6.q16hdri-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm11 Available with Ubuntu Pro libmagickcore-6.q16hdri-3-extra 8:6.9.7.4+dfsg-16ubuntu6.15+esm11 Available with Ubuntu Pro libmagickwand-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm11 Available with Ubuntu Pro libmagickwand-6.q16hdri-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm11 Available with Ubuntu Pro Ubuntu 16.04 LTS imagemagick-6.q16 8:6.8.9.9-7ubuntu5.16+esm19 Available with Ubuntu Pro libimage-magick-q16-perl 8:6.8.9.9-7ubuntu5.16+esm19 Available with Ubuntu Pro libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.16+esm19 Available with Ubuntu Pro libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm19 Available with Ubuntu Pro libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.16+esm19 Available with Ubuntu Pro libmagickwand-6-headers 8:6.8.9.9-7ubuntu5.16+esm19 Available with Ubuntu Pro libmagickwand-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm19 Available with Ubuntu Pro Ubuntu 14.04 LTS imagemagick 8:6.7.7.10-6ubuntu3.13+esm20 Available with Ubuntu Pro imagemagick-common 8:6.7.7.10-6ubuntu3.13+esm20 Available with Ubuntu Pro libmagick++5 8:6.7.7.10-6ubuntu3.13+esm20 Available with Ubuntu Pro libmagickcore5 8:6.7.7.10-6ubuntu3.13+esm20 Available with Ubuntu Pro libmagickcore5-extra 8:6.7.7.10-6ubuntu3.13+esm20 Available with Ubuntu Pro libmagickwand5 8:6.7.7.10-6ubuntu3.13+esm20 Available with Ubuntu Pro perlmagick 8:6.7.7.10-6ubuntu3.13+esm20 Available with Ubuntu Pro In general, a standard system update will make all the necessary changes. References: https://ubuntu.com/security/notices/USN-8127-1 CVE-2026-23952, CVE-2026-25795, CVE-2026-25796, CVE-2026-25798, CVE-2026-25799, CVE-2026-25970, CVE-2026-25988, CVE-2026-26066, CVE-2026-30883, CVE-2026-32636
Attachment: signature.asc (type=application/pgp-signature)
-----BEGIN PGP SIGNATURE----- iQIzBAABCgAdFiEE+8neBLO2Hp/ppPlOcpJm3tlzhgEFAmnLfBgACgkQcpJm3tlz hgHAjg/+OsjrFwgytshpKv48VkRgqeG1vi4iu0jfT5UbpogsnA3dnZisvbvtHS3G mlBxS6Chzj28WPMskqSNWGhV9QP4NNhsIrmP2c2jo/wyfBIH0WYvtxs3YKczTL0F AEHjXM6PxYIsbypZ9hTofKHHpzjSlhZKOKC2M+CSrjf+JSBI4DELHZmw5Ju8QlLB +8oVY/xiIPmTMVqEZj109GNRkryD2j22WoLCjKT8DWli3GcikTZrgkxXwlFbi4lN TF2Ytj3sq9yzgzuHivup4utXs2ZiAYuNeATvsZ5c1IuWfTBMXoVddolYitSW24Nm MXwKMk18UpnS0CB9u00vYbnPTaaxF/vc1vQsIyZQY+D1551O+PxIdZcWePvs9K+M fhrymDxcutizCBvek1NSi9d2T1MZ9Q4sFncrP1zklhdkLNdPW1LVerzsC9vinKt8 S87KoZZ11r0aNJE6NlmT8kOJJ7UXKEvBhlZpDU6mGQKfbbVgXsT1liXsGRu476xc XYXd1BlguPfbkXjre7mbzHeOUC28g2L6JX1iHkwzXjVvEzDX9S5cU8fNU+Q+T6zv hYOF+V+1jJCMF/DqHf69F58FegUR7gK0jMOgtpOzG0EZJXyXtqd5U4daMxSjDb8k D5+2/MbJGdaIL4Tkn6T/A55GO70aE+ezNnzOGdinqZDI9BtiNZI= =ucT/ -----END PGP SIGNATURE-----