- Vulnerability/
- USN-4034-1
USN-4034-1: ImageMagick vulnerabilities
First published: Tue Jun 25 2019(Updated: )
It was discovered that ImageMagick incorrectly handled certain malformed image files. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. Due to a large number of issues discovered in GhostScript that prevent it from being used by ImageMagick safely, the update for Ubuntu 18.10 and Ubuntu 19.04 includes a default policy change that disables support for the Postscript and PDF formats in ImageMagick. This policy can be overridden if necessary by using an alternate ImageMagick policy configuration.
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/imagemagick | <8:6.9.10.14+dfsg-7ubuntu2.2 | 8:6.9.10.14+dfsg-7ubuntu2.2 |
| =19.04 | ||
| All of | ||
| ubuntu/imagemagick-6.q16 | <8:6.9.10.14+dfsg-7ubuntu2.2 | 8:6.9.10.14+dfsg-7ubuntu2.2 |
| =19.04 | ||
| All of | ||
| ubuntu/libmagick++-6.q16-8 | <8:6.9.10.14+dfsg-7ubuntu2.2 | 8:6.9.10.14+dfsg-7ubuntu2.2 |
| =19.04 | ||
| All of | ||
| ubuntu/libmagickcore-6.q16-6 | <8:6.9.10.14+dfsg-7ubuntu2.2 | 8:6.9.10.14+dfsg-7ubuntu2.2 |
| =19.04 | ||
| All of | ||
| ubuntu/libmagickcore-6.q16-6-extra | <8:6.9.10.14+dfsg-7ubuntu2.2 | 8:6.9.10.14+dfsg-7ubuntu2.2 |
| =19.04 | ||
| All of | ||
| ubuntu/imagemagick | <8:6.9.10.8+dfsg-1ubuntu2.2 | 8:6.9.10.8+dfsg-1ubuntu2.2 |
| =18.10 | ||
| All of | ||
| ubuntu/imagemagick-6.q16 | <8:6.9.10.8+dfsg-1ubuntu2.2 | 8:6.9.10.8+dfsg-1ubuntu2.2 |
| =18.10 | ||
| All of | ||
| ubuntu/libmagick++-6.q16-8 | <8:6.9.10.8+dfsg-1ubuntu2.2 | 8:6.9.10.8+dfsg-1ubuntu2.2 |
| =18.10 | ||
| All of | ||
| ubuntu/libmagickcore-6.q16-6 | <8:6.9.10.8+dfsg-1ubuntu2.2 | 8:6.9.10.8+dfsg-1ubuntu2.2 |
| =18.10 | ||
| All of | ||
| ubuntu/libmagickcore-6.q16-6-extra | <8:6.9.10.8+dfsg-1ubuntu2.2 | 8:6.9.10.8+dfsg-1ubuntu2.2 |
| =18.10 | ||
| All of | ||
| ubuntu/imagemagick | <8:6.9.7.4+dfsg-16ubuntu6.7 | 8:6.9.7.4+dfsg-16ubuntu6.7 |
| =18.04 | ||
| All of | ||
| ubuntu/imagemagick-6.q16 | <8:6.9.7.4+dfsg-16ubuntu6.7 | 8:6.9.7.4+dfsg-16ubuntu6.7 |
| =18.04 | ||
| All of | ||
| ubuntu/libmagick++-6.q16-7 | <8:6.9.7.4+dfsg-16ubuntu6.7 | 8:6.9.7.4+dfsg-16ubuntu6.7 |
| =18.04 | ||
| All of | ||
| ubuntu/libmagickcore-6.q16-3 | <8:6.9.7.4+dfsg-16ubuntu6.7 | 8:6.9.7.4+dfsg-16ubuntu6.7 |
| =18.04 | ||
| All of | ||
| ubuntu/libmagickcore-6.q16-3-extra | <8:6.9.7.4+dfsg-16ubuntu6.7 | 8:6.9.7.4+dfsg-16ubuntu6.7 |
| =18.04 | ||
| All of | ||
| ubuntu/imagemagick | <8:6.8.9.9-7ubuntu5.14 | 8:6.8.9.9-7ubuntu5.14 |
| =16.04 | ||
| All of | ||
| ubuntu/imagemagick-6.q16 | <8:6.8.9.9-7ubuntu5.14 | 8:6.8.9.9-7ubuntu5.14 |
| =16.04 | ||
| All of | ||
| ubuntu/libmagick++-6.q16-5v5 | <8:6.8.9.9-7ubuntu5.14 | 8:6.8.9.9-7ubuntu5.14 |
| =16.04 | ||
| All of | ||
| ubuntu/libmagickcore-6.q16-2 | <8:6.8.9.9-7ubuntu5.14 | 8:6.8.9.9-7ubuntu5.14 |
| =16.04 | ||
| All of | ||
| ubuntu/libmagickcore-6.q16-2-extra | <8:6.8.9.9-7ubuntu5.14 | 8:6.8.9.9-7ubuntu5.14 |
| =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2017-12805
- https://ubuntu.com/security/CVE-2017-12806
- https://ubuntu.com/security/CVE-2018-14434
- https://ubuntu.com/security/CVE-2018-15607
- https://ubuntu.com/security/CVE-2018-16323
- https://ubuntu.com/security/CVE-2018-16412
- https://ubuntu.com/security/CVE-2018-16413
- https://ubuntu.com/security/CVE-2018-16644
- https://ubuntu.com/security/CVE-2018-16645
- https://ubuntu.com/security/CVE-2018-17965
- https://ubuntu.com/security/CVE-2018-17966
- https://ubuntu.com/security/CVE-2018-18016
- https://ubuntu.com/security/CVE-2018-18023
- https://ubuntu.com/security/CVE-2018-18024
- https://ubuntu.com/security/CVE-2018-18025
- https://ubuntu.com/security/CVE-2018-18544
- https://ubuntu.com/security/CVE-2018-20467
- https://ubuntu.com/security/CVE-2019-10131
- https://ubuntu.com/security/CVE-2019-10649
- https://ubuntu.com/security/CVE-2019-10650
- https://ubuntu.com/security/CVE-2019-11470
- https://ubuntu.com/security/CVE-2019-11472
- https://ubuntu.com/security/CVE-2019-11597
- https://ubuntu.com/security/CVE-2019-11598
- https://ubuntu.com/security/CVE-2019-7175
- https://ubuntu.com/security/CVE-2019-7395
- https://ubuntu.com/security/CVE-2019-7396
- https://ubuntu.com/security/CVE-2019-7397
- https://ubuntu.com/security/CVE-2019-7398
- https://ubuntu.com/security/CVE-2019-9956
- https://ubuntu.com/security/notices/USN-6980-1
- https://ubuntu.com/security/notices/USN-3785-1
- https://ubuntu.com/security/notices/USN-6985-1
- https://ubuntu.com/security/notices/USN-7053-1
- https://ubuntu.com/security/notices/USN-7068-1
- https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.14+dfsg-7ubuntu2.2
- https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.10.8+dfsg-1ubuntu2.2
- https://launchpad.net/ubuntu/+source/imagemagick/8:6.9.7.4+dfsg-16ubuntu6.7
- https://launchpad.net/ubuntu/+source/imagemagick/8:6.8.9.9-7ubuntu5.14
- https://ubuntu.com/security/notices/USN-4034-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
- CVE-2017-12805
- CVE-2017-12806
- CVE-2018-14434
- CVE-2018-15607
- CVE-2018-16323
- CVE-2018-16412
- CVE-2018-16413
- CVE-2018-16644
- CVE-2018-16645
- CVE-2018-17965
- CVE-2018-17966
- CVE-2018-18016
- CVE-2018-18023
- CVE-2018-18024
- CVE-2018-18025
- CVE-2018-18544
- CVE-2018-20467
- CVE-2019-10131
- CVE-2019-10649
- CVE-2019-10650
- CVE-2019-11470
- CVE-2019-11472
- CVE-2019-11597
- CVE-2019-11598
- CVE-2019-7175
- CVE-2019-7395
- CVE-2019-7396
- CVE-2019-7397
- CVE-2019-7398
- CVE-2019-9956
Frequently Asked Questions
What is the vulnerability ID for this advisory?
The vulnerability ID for this advisory is USN-4034-1.
What is the affected software?
The affected software includes ImageMagick, imagemagick-6.q16, libmagick++-6.q16-8, libmagickcore-6.q16-6, and libmagickcore-6.q16-6-extra.
What is the severity of this vulnerability?
The severity of this vulnerability is not specified in the advisory.
How can an attacker exploit this vulnerability?
An attacker can exploit this vulnerability by tricking a user or automated system using ImageMagick into opening a specially crafted image to cause a denial of service or possibly execute code with elevated privileges.
How do I fix this vulnerability?
To fix this vulnerability, you need to update ImageMagick and related packages to version 8:6.9.10.14+dfsg-7ubuntu2.2 or later.
- agent/severity
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/softwarecombine
- agent/title
- agent/description
- agent/event
- agent/references
- agent/tags
- collector/usn
- source/Ubuntu
- anchor-related/USN-6980-1
- anchor-related/USN-3785-1
- anchor-related/USN-6985-1
- anchor-related/USN-7053-1
- anchor-related/USN-7068-1
- agent/software-canonical-lookup
- agent/trending
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/19.04
- version/ubuntu ubuntu/18.10
- version/ubuntu ubuntu/18.04
- version/ubuntu ubuntu/16.04