- Vulnerability/
- USN-5335-1
USN-5335-1: ImageMagick vulnerabilities
First published: Fri Mar 18 2022(Updated: )
It was discovered that ImageMagick incorrectly handled certain values when processing XPM image data or large images. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2020-19667, CVE-2017-13144) Suhwan Song discovered that ImageMagick incorrectly handled memory when processing PNG,PALM,MIFF image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2020-25664, CVE-2020-25665, CVE-2020-25674, CVE-2020-27753) Suhwan Song discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2020-25676, CVE-2020-27750, CVE-2020-27760, CVE-2020-27762, CVE-2020-27766, CVE-2020-27770) Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2021-20176, CVE-2021-20241, CVE-2021-20243)
| Affected Software | Affected Version | How to fix |
|---|---|---|
| All of | ||
| ubuntu/libimage-magick-perl | <8:6.8.9.9-7ubuntu5.16+esm2 | 8:6.8.9.9-7ubuntu5.16+esm2 |
| =16.04 | ||
| All of | ||
| ubuntu/imagemagick-common | <8:6.8.9.9-7ubuntu5.16+esm2 | 8:6.8.9.9-7ubuntu5.16+esm2 |
| =16.04 | ||
| All of | ||
| ubuntu/libmagickcore-6.q16-dev | <8:6.8.9.9-7ubuntu5.16+esm2 | 8:6.8.9.9-7ubuntu5.16+esm2 |
| =16.04 | ||
| All of | ||
| ubuntu/libmagickcore-dev | <8:6.8.9.9-7ubuntu5.16+esm2 | 8:6.8.9.9-7ubuntu5.16+esm2 |
| =16.04 | ||
| All of | ||
| ubuntu/imagemagick | <8:6.8.9.9-7ubuntu5.16+esm2 | 8:6.8.9.9-7ubuntu5.16+esm2 |
| =16.04 | ||
| All of | ||
| ubuntu/libimage-magick-q16-perl | <8:6.8.9.9-7ubuntu5.16+esm2 | 8:6.8.9.9-7ubuntu5.16+esm2 |
| =16.04 | ||
| All of | ||
| ubuntu/libmagickcore-6.q16-2-extra | <8:6.8.9.9-7ubuntu5.16+esm2 | 8:6.8.9.9-7ubuntu5.16+esm2 |
| =16.04 | ||
| All of | ||
| ubuntu/imagemagick-6.q16 | <8:6.8.9.9-7ubuntu5.16+esm2 | 8:6.8.9.9-7ubuntu5.16+esm2 |
| =16.04 | ||
| All of | ||
| ubuntu/libmagickcore-6-headers | <8:6.8.9.9-7ubuntu5.16+esm2 | 8:6.8.9.9-7ubuntu5.16+esm2 |
| =16.04 | ||
| All of | ||
| ubuntu/libmagick++-6.q16-5v5 | <8:6.8.9.9-7ubuntu5.16+esm2 | 8:6.8.9.9-7ubuntu5.16+esm2 |
| =16.04 | ||
| All of | ||
| ubuntu/perlmagick | <8:6.8.9.9-7ubuntu5.16+esm2 | 8:6.8.9.9-7ubuntu5.16+esm2 |
| =16.04 | ||
| All of | ||
| ubuntu/libmagickcore-6-arch-config | <8:6.8.9.9-7ubuntu5.16+esm2 | 8:6.8.9.9-7ubuntu5.16+esm2 |
| =16.04 | ||
| All of | ||
| ubuntu/libmagick++-6.q16-dev | <8:6.8.9.9-7ubuntu5.16+esm2 | 8:6.8.9.9-7ubuntu5.16+esm2 |
| =16.04 | ||
| All of | ||
| ubuntu/libmagickwand-6.q16-dev | <8:6.8.9.9-7ubuntu5.16+esm2 | 8:6.8.9.9-7ubuntu5.16+esm2 |
| =16.04 | ||
| All of | ||
| ubuntu/libmagickcore-6.q16-2 | <8:6.8.9.9-7ubuntu5.16+esm2 | 8:6.8.9.9-7ubuntu5.16+esm2 |
| =16.04 | ||
| All of | ||
| ubuntu/libmagickwand-6.q16-2 | <8:6.8.9.9-7ubuntu5.16+esm2 | 8:6.8.9.9-7ubuntu5.16+esm2 |
| =16.04 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://ubuntu.com/security/CVE-2017-13144
- https://ubuntu.com/security/CVE-2021-20241
- https://ubuntu.com/security/CVE-2020-25664
- https://ubuntu.com/security/CVE-2020-27766
- https://ubuntu.com/security/CVE-2020-27753
- https://ubuntu.com/security/CVE-2020-27750
- https://ubuntu.com/security/CVE-2020-27770
- https://ubuntu.com/security/CVE-2021-20176
- https://ubuntu.com/security/CVE-2020-25676
- https://ubuntu.com/security/CVE-2020-27762
- https://ubuntu.com/security/CVE-2020-25665
- https://ubuntu.com/security/CVE-2020-27760
- https://ubuntu.com/security/CVE-2021-20243
- https://ubuntu.com/security/CVE-2020-19667
- https://ubuntu.com/security/CVE-2020-25674
- https://ubuntu.com/security/notices/USN-3681-1
- https://ubuntu.com/security/notices/USN-5736-1
- https://ubuntu.com/security/notices/USN-5736-2
- https://ubuntu.com/security/notices/USN-6200-1
- https://ubuntu.com/security/notices/USN-4988-1
- https://ubuntu.com/security/notices/USN-5335-1 (Advisory)
Child vulnerabilities
(Contains the following vulnerabilities)
Frequently Asked Questions
What is the severity of USN-5335-1?
The severity of USN-5335-1 is moderate.
How do I fix USN-5335-1?
To fix USN-5335-1, update the affected software to version 8:6.8.9.9-7ubuntu5.16+esm2.
Which versions of Ubuntu are affected by USN-5335-1?
The vulnerability affects Ubuntu version 16.04.
Are there any known exploits for USN-5335-1?
Yes, there are known exploits for USN-5335-1.
Where can I find more information about USN-5335-1?
You can find more information about USN-5335-1 on the Ubuntu security website.
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- collector/usn
- source/Ubuntu
- anchor-related/USN-3681-1
- anchor-related/USN-5736-1
- anchor-related/USN-5736-2
- anchor-related/USN-6200-1
- anchor-related/USN-4988-1
- agent/software-canonical-lookup
- package-manager/ubuntu
- vendor/ubuntu
- canonical/ubuntu ubuntu
- version/ubuntu ubuntu/16.04