[USN-7756-1] ImageMagick vulnerabilities
noreply+usn-bot at canonical.com
noreply+usn-bot at canonical.com
Thu Sep 18 18:03:32 UTC 2025
==========================================================================
Ubuntu Security Notice USN-7756-1
September 18, 2025
imagemagick vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS
Summary:
Several security issues were fixed in ImageMagick.
Software Description:
- imagemagick: Image manipulation programs and library
Details:
It was discovered that ImageMagick did not properly handle memory when
performing magnified size calculations. An attacker could possibly use this
issue to cause ImageMagick to crash, resulting in a denial of service, or
possibly execute arbitrary code. (CVE-2025-55154)
Woojin Park, Hojun Lee, Youngin Won, and Siyeon Han discovered that
ImageMagick incorrectly handled creating thumbnail images for certain
dimensions. An attacker could possibly use this issue to cause ImageMagick
to crash, resulting in a denial of service. This issue only affected Ubuntu
24.04 LTS. (CVE-2025-55212)
Lumina Mescuwa discovered that ImageMagick did not properly handle cloning
splay trees in the MagickCore library. An attacker could possibly use this
issue to cause sanitized builds of ImageMagick to crash, resulting in a
denial of service. (CVE-2025-55160)
Lumina Mescuwa discovered that ImageMagick did not properly handle memory.
An attacker could possibly use this issue to cause ImageMagick to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2025-57807)
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 24.04 LTS
imagemagick-6.q16 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2
Available with Ubuntu Pro
imagemagick-6.q16hdri 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2
Available with Ubuntu Pro
libmagick++-6.q16-9t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2
Available with Ubuntu Pro
libmagick++-6.q16hdri-9t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2
Available with Ubuntu Pro
libmagickcore-6.q16-7-extra 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2
Available with Ubuntu Pro
libmagickcore-6.q16-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2
Available with Ubuntu Pro
libmagickcore-6.q16hdri-7-extra 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2
Available with Ubuntu Pro
libmagickcore-6.q16hdri-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2
Available with Ubuntu Pro
libmagickwand-6.q16-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2
Available with Ubuntu Pro
libmagickwand-6.q16hdri-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm2
Available with Ubuntu Pro
Ubuntu 22.04 LTS
imagemagick-6.q16 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3
Available with Ubuntu Pro
imagemagick-6.q16hdri 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3
Available with Ubuntu Pro
libmagick++-6.q16-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3
Available with Ubuntu Pro
libmagick++-6.q16hdri-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3
Available with Ubuntu Pro
libmagickcore-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3
Available with Ubuntu Pro
libmagickcore-6.q16-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3
Available with Ubuntu Pro
libmagickcore-6.q16hdri-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3
Available with Ubuntu Pro
libmagickcore-6.q16hdri-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3
Available with Ubuntu Pro
libmagickwand-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3
Available with Ubuntu Pro
libmagickwand-6.q16hdri-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm3
Available with Ubuntu Pro
Ubuntu 20.04 LTS
imagemagick-6.q16 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3
Available with Ubuntu Pro
imagemagick-6.q16hdri 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3
Available with Ubuntu Pro
libmagick++-6.q16-8 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3
Available with Ubuntu Pro
libmagick++-6.q16hdri-8 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3
Available with Ubuntu Pro
libmagickcore-6.q16-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3
Available with Ubuntu Pro
libmagickcore-6.q16-6-extra 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3
Available with Ubuntu Pro
libmagickcore-6.q16hdri-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3
Available with Ubuntu Pro
libmagickcore-6.q16hdri-6-extra 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3
Available with Ubuntu Pro
libmagickwand-6.q16-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3
Available with Ubuntu Pro
libmagickwand-6.q16hdri-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm3
Available with Ubuntu Pro
Ubuntu 18.04 LTS
imagemagick-6.q16 8:6.9.7.4+dfsg-16ubuntu6.15+esm5
Available with Ubuntu Pro
imagemagick-6.q16hdri 8:6.9.7.4+dfsg-16ubuntu6.15+esm5
Available with Ubuntu Pro
libmagick++-6.q16-7 8:6.9.7.4+dfsg-16ubuntu6.15+esm5
Available with Ubuntu Pro
libmagick++-6.q16hdri-7 8:6.9.7.4+dfsg-16ubuntu6.15+esm5
Available with Ubuntu Pro
libmagickcore-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm5
Available with Ubuntu Pro
libmagickcore-6.q16-3-extra 8:6.9.7.4+dfsg-16ubuntu6.15+esm5
Available with Ubuntu Pro
libmagickcore-6.q16hdri-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm5
Available with Ubuntu Pro
libmagickcore-6.q16hdri-3-extra 8:6.9.7.4+dfsg-16ubuntu6.15+esm5
Available with Ubuntu Pro
libmagickwand-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm5
Available with Ubuntu Pro
libmagickwand-6.q16hdri-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm5
Available with Ubuntu Pro
Ubuntu 16.04 LTS
imagemagick-6.q16 8:6.8.9.9-7ubuntu5.16+esm13
Available with Ubuntu Pro
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.16+esm13
Available with Ubuntu Pro
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm13
Available with Ubuntu Pro
libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.16+esm13
Available with Ubuntu Pro
libmagickwand-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm13
Available with Ubuntu Pro
Ubuntu 14.04 LTS
imagemagick 8:6.7.7.10-6ubuntu3.13+esm14
Available with Ubuntu Pro
imagemagick-common 8:6.7.7.10-6ubuntu3.13+esm14
Available with Ubuntu Pro
libmagick++5 8:6.7.7.10-6ubuntu3.13+esm14
Available with Ubuntu Pro
libmagickcore5 8:6.7.7.10-6ubuntu3.13+esm14
Available with Ubuntu Pro
libmagickcore5-extra 8:6.7.7.10-6ubuntu3.13+esm14
Available with Ubuntu Pro
libmagickwand5 8:6.7.7.10-6ubuntu3.13+esm14
Available with Ubuntu Pro
In general, a standard system update will make all the necessary changes.
References:
https://ubuntu.com/security/notices/USN-7756-1
CVE-2025-55154, CVE-2025-55160, CVE-2025-55212, CVE-2025-57807
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-security-announce/attachments/20250918/7b76ab5a/attachment.sig>
More information about the ubuntu-security-announce
mailing list