Action not permitted
Modal body text goes here.
Modal Title
Modal Body
ubuntu-cve-2021-39212
Vulnerability from osv_ubuntu
ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a module policy in policy.xml. ex. . The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the module policy and instead use the coder policy that is also our workaround recommendation: .
{
"affected": [
{
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "imagemagick",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "imagemagick-6-common",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "imagemagick-6.q16",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "imagemagick-6.q16hdri",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "imagemagick-common",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libimage-magick-perl",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libimage-magick-q16-perl",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libimage-magick-q16hdri-perl",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagick++-6-headers",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagick++-6.q16-8",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagick++-6.q16hdri-8",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagickcore-6-arch-config",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagickcore-6-headers",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagickcore-6.q16-6",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagickcore-6.q16-6-extra",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagickcore-6.q16hdri-6",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagickcore-6.q16hdri-6-extra",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagickwand-6-headers",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagickwand-6.q16-6",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagickwand-6.q16hdri-6",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "perlmagick",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "imagemagick",
"purl": "pkg:deb/ubuntu/imagemagick@8:6.9.10.23+dfsg-2.1ubuntu11.9?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8:6.9.10.23+dfsg-2.1ubuntu3",
"8:6.9.10.23+dfsg-2.1ubuntu8",
"8:6.9.10.23+dfsg-2.1ubuntu9",
"8:6.9.10.23+dfsg-2.1ubuntu10",
"8:6.9.10.23+dfsg-2.1ubuntu11",
"8:6.9.10.23+dfsg-2.1ubuntu11.1",
"8:6.9.10.23+dfsg-2.1ubuntu11.2",
"8:6.9.10.23+dfsg-2.1ubuntu11.4",
"8:6.9.10.23+dfsg-2.1ubuntu11.5",
"8:6.9.10.23+dfsg-2.1ubuntu11.6",
"8:6.9.10.23+dfsg-2.1ubuntu11.7"
]
},
{
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "imagemagick",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "imagemagick-6-common",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "imagemagick-6.q16",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "imagemagick-6.q16hdri",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "imagemagick-common",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libimage-magick-perl",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libimage-magick-q16-perl",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libimage-magick-q16hdri-perl",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagick++-6-headers",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagick++-6.q16-8",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagick++-6.q16hdri-8",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagickcore-6-arch-config",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagickcore-6-headers",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagickcore-6.q16-6",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagickcore-6.q16-6-extra",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagickcore-6.q16hdri-6",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagickcore-6.q16hdri-6-extra",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagickwand-6-headers",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagickwand-6.q16-6",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagickwand-6.q16hdri-6",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "perlmagick",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "imagemagick",
"purl": "pkg:deb/ubuntu/imagemagick@8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8:6.9.11.60+dfsg-1ubuntu1",
"8:6.9.11.60+dfsg-1.3",
"8:6.9.11.60+dfsg-1.3build1",
"8:6.9.11.60+dfsg-1.3build2",
"8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1"
]
}
],
"aliases": [],
"details": "ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. \u003cpolicy domain=\"module\" rights=\"none\" pattern=\"PS\" /\u003e. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: \u003cpolicy domain=\"coder\" rights=\"none\" pattern=\"{PS,EPI,EPS,EPSF,EPSI}\" /\u003e.",
"id": "UBUNTU-CVE-2021-39212",
"modified": "2026-04-22T07:40:08Z",
"published": "2021-09-13T18:15:00Z",
"references": [
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-39212"
},
{
"type": "REPORT",
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5736-1"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5736-2"
},
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6200-1"
},
{
"type": "REPORT",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-39212"
}
],
"related": [
"USN-5736-1",
"USN-5736-2",
"USN-6200-1"
],
"schema_version": "1.7.0",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
],
"upstream": [
"CVE-2021-39212"
]
}
CVE-2021-39212 (GCVE-0-2021-39212)
Vulnerability from cvelistv5 – Published: 2021-09-13 00:00 – Updated: 2024-08-04 01:58- CWE-668 - Exposure of Resource to Wrong Sphere
| Vendor | Product | Version | |
|---|---|---|---|
| ImageMagick | ImageMagick |
Affected:
>= 7.0.0, < 7.1.0-7
Affected: < 6.9.12-22 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:58:18.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ImageMagick/ImageMagick/commit/01faddbe2711a4156180c4a92837e2f23683cc68"
},
{
"tags": [
"x_transferred"
],
"url": "https://github.com/ImageMagick/ImageMagick/commit/35893e7cad78ce461fcaffa56076c11700ba5e4e"
},
{
"name": "[debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update",
"tags": [
"mailing-list",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ImageMagick",
"vendor": "ImageMagick",
"versions": [
{
"status": "affected",
"version": "\u003e= 7.0.0, \u003c 7.1.0-7"
},
{
"status": "affected",
"version": "\u003c 6.9.12-22"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ImageMagick is free software delivered as a ready-to-run binary distribution or as source code that you may use, copy, modify, and distribute in both open and proprietary applications. In affected versions and in certain cases, Postscript files could be read and written when specifically excluded by a `module` policy in `policy.xml`. ex. \u003cpolicy domain=\"module\" rights=\"none\" pattern=\"PS\" /\u003e. The issue has been resolved in ImageMagick 7.1.0-7 and in 6.9.12-22. Fortunately, in the wild, few users utilize the `module` policy and instead use the `coder` policy that is also our workaround recommendation: \u003cpolicy domain=\"coder\" rights=\"none\" pattern=\"{PS,EPI,EPS,EPSF,EPSI}\" /\u003e."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 4.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-668",
"description": "CWE-668: Exposure of Resource to Wrong Sphere",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2023-05-22T00:00:00.000Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"url": "https://github.com/ImageMagick/ImageMagick/security/advisories/GHSA-qvhr-jj4p-j2qr"
},
{
"url": "https://github.com/ImageMagick/ImageMagick/commit/01faddbe2711a4156180c4a92837e2f23683cc68"
},
{
"url": "https://github.com/ImageMagick/ImageMagick/commit/35893e7cad78ce461fcaffa56076c11700ba5e4e"
},
{
"name": "[debian-lts-announce] 20230521 [SECURITY] [DLA 3429-1] imagemagick security update",
"tags": [
"mailing-list"
],
"url": "https://lists.debian.org/debian-lts-announce/2023/05/msg00020.html"
}
],
"source": {
"advisory": "GHSA-qvhr-jj4p-j2qr",
"discovery": "UNKNOWN"
},
"title": "Issue when Configuring the ImageMagick Security Policy"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2021-39212",
"datePublished": "2021-09-13T00:00:00.000Z",
"dateReserved": "2021-08-16T00:00:00.000Z",
"dateUpdated": "2024-08-04T01:58:18.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
usn-5736-1
Vulnerability from osv_ubuntu
It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2021-20224)
Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2021-20241)
Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2021-20243)
It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20244)
It was discovered that ImageMagick could be made to divide by zero when processing crafted files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20245)
It was discovered that ImageMagick incorrectly handled certain values when performing resampling operations. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20246)
It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20309)
It was discovered that ImageMagick incorrectly handled certain values when processing thumbnail image data. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20312)
It was discovered that ImageMagick incorrectly handled memory cleanup when performing certain cryptographic operations. Under certain conditions sensitive cryptographic information could be disclosed. This issue only affected Ubuntu 22.10. (CVE-2021-20313)
It was discovered that ImageMagick did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted file using the convert command, an attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-3574)
It was discovered that ImageMagick did not use the correct rights when specifically excluded by a module policy. An attacker could use this issue to read and write certain restricted files. This issue only affected Ubuntu 22.10. (CVE-2021-39212)
It was discovered that ImageMagick incorrectly handled certain values when processing specially crafted SVG files. By tricking a user into opening a specially crafted SVG file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-4219)
It was discovered that ImageMagick did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted DICOM file, an attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of servicei, or expose sensitive information. This issue only affected Ubuntu 22.10. (CVE-2022-1114)
It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 22.10. (CVE-2022-28463)
It was discovered that ImageMagick incorrectly handled certain values. If a user were tricked into processing a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2022-32545, CVE-2022-32546)
It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into processing a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2022-32547)
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2021-20224",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20243",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-32545",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-32546",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-32547",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:14.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "imagemagick",
"binary_version": "8:6.7.7.10-6ubuntu3.13+esm3"
},
{
"binary_name": "imagemagick-common",
"binary_version": "8:6.7.7.10-6ubuntu3.13+esm3"
},
{
"binary_name": "libmagick++5",
"binary_version": "8:6.7.7.10-6ubuntu3.13+esm3"
},
{
"binary_name": "libmagickcore5",
"binary_version": "8:6.7.7.10-6ubuntu3.13+esm3"
},
{
"binary_name": "libmagickcore5-extra",
"binary_version": "8:6.7.7.10-6ubuntu3.13+esm3"
},
{
"binary_name": "libmagickwand5",
"binary_version": "8:6.7.7.10-6ubuntu3.13+esm3"
},
{
"binary_name": "perlmagick",
"binary_version": "8:6.7.7.10-6ubuntu3.13+esm3"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"name": "imagemagick",
"purl": "pkg:deb/ubuntu/imagemagick@8:6.7.7.10-6ubuntu3.13+esm3?arch=source\u0026distro=trusty/esm"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8:6.7.7.10-6ubuntu3.13+esm3"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8:6.7.7.10-5ubuntu3",
"8:6.7.7.10-5ubuntu4",
"8:6.7.7.10-6ubuntu1",
"8:6.7.7.10-6ubuntu2",
"8:6.7.7.10-6ubuntu3",
"8:6.7.7.10-6ubuntu3.1",
"8:6.7.7.10-6ubuntu3.2",
"8:6.7.7.10-6ubuntu3.3",
"8:6.7.7.10-6ubuntu3.4",
"8:6.7.7.10-6ubuntu3.5",
"8:6.7.7.10-6ubuntu3.6",
"8:6.7.7.10-6ubuntu3.7",
"8:6.7.7.10-6ubuntu3.8",
"8:6.7.7.10-6ubuntu3.9",
"8:6.7.7.10-6ubuntu3.11",
"8:6.7.7.10-6ubuntu3.12",
"8:6.7.7.10-6ubuntu3.13",
"8:6.7.7.10-6ubuntu3.13+esm1",
"8:6.7.7.10-6ubuntu3.13+esm2"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2021-20224",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "imagemagick",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm5"
},
{
"binary_name": "imagemagick-6.q16",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm5"
},
{
"binary_name": "imagemagick-common",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm5"
},
{
"binary_name": "libimage-magick-perl",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm5"
},
{
"binary_name": "libimage-magick-q16-perl",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm5"
},
{
"binary_name": "libmagick++-6-headers",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm5"
},
{
"binary_name": "libmagick++-6.q16-5v5",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm5"
},
{
"binary_name": "libmagickcore-6-arch-config",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm5"
},
{
"binary_name": "libmagickcore-6-headers",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm5"
},
{
"binary_name": "libmagickcore-6.q16-2",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm5"
},
{
"binary_name": "libmagickcore-6.q16-2-extra",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm5"
},
{
"binary_name": "libmagickwand-6-headers",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm5"
},
{
"binary_name": "libmagickwand-6.q16-2",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm5"
},
{
"binary_name": "perlmagick",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm5"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "imagemagick",
"purl": "pkg:deb/ubuntu/imagemagick@8:6.8.9.9-7ubuntu5.16+esm5?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8:6.8.9.9-7ubuntu5.16+esm5"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8:6.8.9.9-5ubuntu2",
"8:6.8.9.9-6",
"8:6.8.9.9-6build1",
"8:6.8.9.9-7",
"8:6.8.9.9-7ubuntu1",
"8:6.8.9.9-7ubuntu2",
"8:6.8.9.9-7ubuntu3",
"8:6.8.9.9-7ubuntu4",
"8:6.8.9.9-7ubuntu5",
"8:6.8.9.9-7ubuntu5.1",
"8:6.8.9.9-7ubuntu5.2",
"8:6.8.9.9-7ubuntu5.3",
"8:6.8.9.9-7ubuntu5.4",
"8:6.8.9.9-7ubuntu5.5",
"8:6.8.9.9-7ubuntu5.6",
"8:6.8.9.9-7ubuntu5.7",
"8:6.8.9.9-7ubuntu5.8",
"8:6.8.9.9-7ubuntu5.9",
"8:6.8.9.9-7ubuntu5.11",
"8:6.8.9.9-7ubuntu5.12",
"8:6.8.9.9-7ubuntu5.13",
"8:6.8.9.9-7ubuntu5.14",
"8:6.8.9.9-7ubuntu5.15",
"8:6.8.9.9-7ubuntu5.16",
"8:6.8.9.9-7ubuntu5.16+esm1",
"8:6.8.9.9-7ubuntu5.16+esm2",
"8:6.8.9.9-7ubuntu5.16+esm3",
"8:6.8.9.9-7ubuntu5.16+esm4"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2021-20224",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20241",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20243",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-32545",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-32546",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-32547",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "imagemagick",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.14"
},
{
"binary_name": "imagemagick-6-common",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.14"
},
{
"binary_name": "imagemagick-6.q16",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.14"
},
{
"binary_name": "imagemagick-6.q16hdri",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.14"
},
{
"binary_name": "imagemagick-common",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.14"
},
{
"binary_name": "libimage-magick-perl",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.14"
},
{
"binary_name": "libimage-magick-q16-perl",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.14"
},
{
"binary_name": "libimage-magick-q16hdri-perl",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.14"
},
{
"binary_name": "libmagick++-6-headers",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.14"
},
{
"binary_name": "libmagick++-6.q16-7",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.14"
},
{
"binary_name": "libmagick++-6.q16hdri-7",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.14"
},
{
"binary_name": "libmagickcore-6-arch-config",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.14"
},
{
"binary_name": "libmagickcore-6-headers",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.14"
},
{
"binary_name": "libmagickcore-6.q16-3",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.14"
},
{
"binary_name": "libmagickcore-6.q16-3-extra",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.14"
},
{
"binary_name": "libmagickcore-6.q16hdri-3",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.14"
},
{
"binary_name": "libmagickcore-6.q16hdri-3-extra",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.14"
},
{
"binary_name": "libmagickwand-6-headers",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.14"
},
{
"binary_name": "libmagickwand-6.q16-3",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.14"
},
{
"binary_name": "libmagickwand-6.q16hdri-3",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.14"
},
{
"binary_name": "perlmagick",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.14"
}
]
},
"package": {
"ecosystem": "Ubuntu:18.04:LTS",
"name": "imagemagick",
"purl": "pkg:deb/ubuntu/imagemagick@8:6.9.7.4+dfsg-16ubuntu6.14?arch=source\u0026distro=bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8:6.9.7.4+dfsg-16ubuntu6.14"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8:6.9.7.4+dfsg-16ubuntu2",
"8:6.9.7.4+dfsg-16ubuntu3",
"8:6.9.7.4+dfsg-16ubuntu4",
"8:6.9.7.4+dfsg-16ubuntu5",
"8:6.9.7.4+dfsg-16ubuntu6",
"8:6.9.7.4+dfsg-16ubuntu6.2",
"8:6.9.7.4+dfsg-16ubuntu6.3",
"8:6.9.7.4+dfsg-16ubuntu6.4",
"8:6.9.7.4+dfsg-16ubuntu6.7",
"8:6.9.7.4+dfsg-16ubuntu6.8",
"8:6.9.7.4+dfsg-16ubuntu6.9",
"8:6.9.7.4+dfsg-16ubuntu6.11",
"8:6.9.7.4+dfsg-16ubuntu6.12",
"8:6.9.7.4+dfsg-16ubuntu6.13"
]
}
],
"aliases": [],
"details": "It was discovered that ImageMagick incorrectly handled certain values\nwhen processing PDF files. If a user or automated system using ImageMagick\nwere tricked into opening a specially crafted PDF file, an attacker could\nexploit this to cause a denial of service. This issue only affected Ubuntu\n14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2021-20224)\n\nZhang Xiaohui discovered that ImageMagick incorrectly handled certain\nvalues when processing image data. If a user or automated system using\nImageMagick were tricked into opening a specially crafted image, an\nattacker could exploit this to cause a denial of service. This issue only\naffected Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2021-20241)\n\nZhang Xiaohui discovered that ImageMagick incorrectly handled certain\nvalues when processing image data. If a user or automated system using\nImageMagick were tricked into opening a specially crafted image, an\nattacker could exploit this to cause a denial of service. This issue only\naffected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10.\n(CVE-2021-20243)\n\nIt was discovered that ImageMagick incorrectly handled certain values\nwhen processing visual effects based image files. By tricking a user into\nopening a specially crafted image file, an attacker could crash the\napplication causing a denial of service. This issue only affected Ubuntu\n22.10. (CVE-2021-20244)\n\nIt was discovered that ImageMagick could be made to divide by zero when\nprocessing crafted files. By tricking a user into opening a specially\ncrafted image file, an attacker could crash the application causing a\ndenial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20245)\n\nIt was discovered that ImageMagick incorrectly handled certain values\nwhen performing resampling operations. By tricking a user into opening\na specially crafted image file, an attacker could crash the application\ncausing a denial of service. This issue only affected Ubuntu 22.10.\n(CVE-2021-20246)\n\nIt was discovered that ImageMagick incorrectly handled certain values\nwhen processing visual effects based image files. By tricking a user into\nopening a specially crafted image file, an attacker could crash the\napplication causing a denial of service. This issue only affected Ubuntu\n22.10. (CVE-2021-20309)\n\nIt was discovered that ImageMagick incorrectly handled certain values\nwhen processing thumbnail image data. By tricking a user into opening\na specially crafted image file, an attacker could crash the application\ncausing a denial of service. This issue only affected Ubuntu 22.10.\n(CVE-2021-20312)\n\nIt was discovered that ImageMagick incorrectly handled memory cleanup\nwhen performing certain cryptographic operations. Under certain conditions\nsensitive cryptographic information could be disclosed. This issue only\naffected Ubuntu 22.10. (CVE-2021-20313)\n\nIt was discovered that ImageMagick did not properly manage memory under\ncertain circumstances. If a user were tricked into opening a specially\ncrafted file using the convert command, an attacker could possibly use\nthis issue to cause ImageMagick to crash, resulting in a denial of\nservice. This issue only affected Ubuntu 22.10. (CVE-2021-3574)\n\nIt was discovered that ImageMagick did not use the correct rights when\nspecifically excluded by a module policy. An attacker could use this issue\nto read and write certain restricted files. This issue only affected\nUbuntu 22.10. (CVE-2021-39212)\n\nIt was discovered that ImageMagick incorrectly handled certain values\nwhen processing specially crafted SVG files. By tricking a user into\nopening a specially crafted SVG file, an attacker could crash the\napplication causing a denial of service. This issue only affected Ubuntu\n22.10. (CVE-2021-4219)\n\nIt was discovered that ImageMagick did not properly manage memory under\ncertain circumstances. If a user were tricked into opening a specially\ncrafted DICOM file, an attacker could possibly use this issue to cause\nImageMagick to crash, resulting in a denial of servicei, or expose sensitive\ninformation. This issue only affected Ubuntu 22.10. (CVE-2022-1114)\n\nIt was discovered that ImageMagick incorrectly handled memory under\ncertain circumstances. If a user were tricked into opening a specially\ncrafted image file, an attacker could possibly exploit this issue to cause\na denial of service or other unspecified impact. This issue only affected\nUbuntu 22.10. (CVE-2022-28463)\n\nIt was discovered that ImageMagick incorrectly handled certain values.\nIf a user were tricked into processing a specially crafted image file,\nan attacker could possibly exploit this issue to cause a denial of service\nor other unspecified impact. This issue only affected Ubuntu 14.04 ESM,\nUbuntu 18.04 LTS and Ubuntu 22.10. (CVE-2022-32545, CVE-2022-32546)\n\nIt was discovered that ImageMagick incorrectly handled memory under\ncertain circumstances. If a user were tricked into processing a specially\ncrafted image file, an attacker could possibly exploit this issue to cause\na denial of service or other unspecified impact. This issue only affected\nUbuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2022-32547)\n",
"id": "USN-5736-1",
"modified": "2026-06-29T10:52:58Z",
"published": "2022-11-24T08:11:00Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5736-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-3574"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-4219"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20224"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20241"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20243"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20244"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20245"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20246"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20309"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20312"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20313"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-39212"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-1114"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-28463"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-32545"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-32546"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-32547"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "imagemagick vulnerabilities",
"upstream": [
"UBUNTU-CVE-2021-3574",
"UBUNTU-CVE-2021-4219",
"UBUNTU-CVE-2021-20224",
"UBUNTU-CVE-2021-20241",
"UBUNTU-CVE-2021-20243",
"UBUNTU-CVE-2021-20244",
"UBUNTU-CVE-2021-20245",
"UBUNTU-CVE-2021-20246",
"UBUNTU-CVE-2021-20309",
"UBUNTU-CVE-2021-20312",
"UBUNTU-CVE-2021-20313",
"UBUNTU-CVE-2021-39212",
"UBUNTU-CVE-2022-1114",
"UBUNTU-CVE-2022-28463",
"UBUNTU-CVE-2022-32545",
"UBUNTU-CVE-2022-32546",
"UBUNTU-CVE-2022-32547"
]
}
usn-5736-2
Vulnerability from osv_ubuntu
USN-5736-1 fixed vulnerabilities in ImageMagick. This update provides the corresponding updates for Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. One of the issues, CVE-2021-20224, only affected Ubuntu 20.04 ESM, while CVE-2021-20245, CVE-2021-3574, CVE-2021-4219 and CVE-2022-1114 only affected Ubuntu 22.04 ESM.
Original advisory details:
It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2021-20224)
Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2021-20241)
Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2021-20243)
It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20244)
It was discovered that ImageMagick could be made to divide by zero when processing crafted files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20245)
It was discovered that ImageMagick incorrectly handled certain values when performing resampling operations. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20246)
It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20309)
It was discovered that ImageMagick incorrectly handled certain values when processing thumbnail image data. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20312)
It was discovered that ImageMagick incorrectly handled memory cleanup when performing certain cryptographic operations. Under certain conditions sensitive cryptographic information could be disclosed. This issue only affected Ubuntu 22.10. (CVE-2021-20313)
It was discovered that ImageMagick did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted file using the convert command, an attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-3574)
It was discovered that ImageMagick did not use the correct rights when specifically excluded by a module policy. An attacker could use this issue to read and write certain restricted files. This issue only affected Ubuntu 22.10. (CVE-2021-39212)
It was discovered that ImageMagick incorrectly handled certain values when processing specially crafted SVG files. By tricking a user into opening a specially crafted SVG file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-4219)
It was discovered that ImageMagick did not properly manage memory under certain circumstances. If a user were tricked into opening a specially crafted DICOM file, an attacker could possibly use this issue to cause ImageMagick to crash, resulting in a denial of service, or expose sensitive information. This issue only affected Ubuntu 22.10. (CVE-2022-1114)
It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 22.10. (CVE-2022-28463)
It was discovered that ImageMagick incorrectly handled certain values. If a user were tricked into processing a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2022-32545, CVE-2022-32546)
It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into processing a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2022-32547)
| URL | Type | |||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2021-20224",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "imagemagick",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
},
{
"binary_name": "imagemagick-6-common",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
},
{
"binary_name": "imagemagick-6.q16",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
},
{
"binary_name": "imagemagick-6.q16hdri",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
},
{
"binary_name": "imagemagick-common",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
},
{
"binary_name": "libimage-magick-perl",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
},
{
"binary_name": "libimage-magick-q16-perl",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
},
{
"binary_name": "libimage-magick-q16hdri-perl",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
},
{
"binary_name": "libmagick++-6-headers",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
},
{
"binary_name": "libmagick++-6.q16-8",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
},
{
"binary_name": "libmagick++-6.q16hdri-8",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
},
{
"binary_name": "libmagickcore-6-arch-config",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
},
{
"binary_name": "libmagickcore-6-headers",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
},
{
"binary_name": "libmagickcore-6.q16-6",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
},
{
"binary_name": "libmagickcore-6.q16-6-extra",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
},
{
"binary_name": "libmagickcore-6.q16hdri-6",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
},
{
"binary_name": "libmagickcore-6.q16hdri-6-extra",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
},
{
"binary_name": "libmagickwand-6-headers",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
},
{
"binary_name": "libmagickwand-6.q16-6",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
},
{
"binary_name": "libmagickwand-6.q16hdri-6",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
},
{
"binary_name": "perlmagick",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:20.04:LTS",
"name": "imagemagick",
"purl": "pkg:deb/ubuntu/imagemagick@8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1?arch=source\u0026distro=esm-apps/focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8:6.9.10.23+dfsg-2.1ubuntu11.4+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8:6.9.10.23+dfsg-2.1ubuntu3",
"8:6.9.10.23+dfsg-2.1ubuntu8",
"8:6.9.10.23+dfsg-2.1ubuntu9",
"8:6.9.10.23+dfsg-2.1ubuntu10",
"8:6.9.10.23+dfsg-2.1ubuntu11",
"8:6.9.10.23+dfsg-2.1ubuntu11.1",
"8:6.9.10.23+dfsg-2.1ubuntu11.2",
"8:6.9.10.23+dfsg-2.1ubuntu11.4"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2021-3574",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-4219",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20241",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20243",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20244",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20245",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20246",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20309",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20312",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20313",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-39212",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-1114",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-28463",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-32545",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-32546",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-32547",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "imagemagick",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "imagemagick-6-common",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "imagemagick-6.q16",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "imagemagick-6.q16hdri",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "imagemagick-common",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libimage-magick-perl",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libimage-magick-q16-perl",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libimage-magick-q16hdri-perl",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagick++-6-headers",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagick++-6.q16-8",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagick++-6.q16hdri-8",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagickcore-6-arch-config",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagickcore-6-headers",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagickcore-6.q16-6",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagickcore-6.q16-6-extra",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagickcore-6.q16hdri-6",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagickcore-6.q16hdri-6-extra",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagickwand-6-headers",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagickwand-6.q16-6",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "libmagickwand-6.q16hdri-6",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
},
{
"binary_name": "perlmagick",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "imagemagick",
"purl": "pkg:deb/ubuntu/imagemagick@8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8:6.9.11.60+dfsg-1ubuntu1",
"8:6.9.11.60+dfsg-1.3",
"8:6.9.11.60+dfsg-1.3build1",
"8:6.9.11.60+dfsg-1.3build2",
"8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1"
]
}
],
"aliases": [],
"details": "USN-5736-1 fixed vulnerabilities in ImageMagick. This update provides the\ncorresponding updates for Ubuntu 20.04 ESM and Ubuntu 22.04 ESM. One of the\nissues, CVE-2021-20224, only affected Ubuntu 20.04 ESM, while\nCVE-2021-20245, CVE-2021-3574, CVE-2021-4219 and CVE-2022-1114 only\naffected Ubuntu 22.04 ESM.\n\nOriginal advisory details:\n\n It was discovered that ImageMagick incorrectly handled certain values\n when processing PDF files. If a user or automated system using ImageMagick\n were tricked into opening a specially crafted PDF file, an attacker could\n exploit this to cause a denial of service. This issue only affected Ubuntu\n 14.04 ESM, Ubuntu 16.04 ESM and Ubuntu 18.04 LTS. (CVE-2021-20224)\n \n Zhang Xiaohui discovered that ImageMagick incorrectly handled certain\n values when processing image data. If a user or automated system using\n ImageMagick were tricked into opening a specially crafted image, an\n attacker could exploit this to cause a denial of service. This issue only\n affected Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2021-20241)\n \n Zhang Xiaohui discovered that ImageMagick incorrectly handled certain\n values when processing image data. If a user or automated system using\n ImageMagick were tricked into opening a specially crafted image, an\n attacker could exploit this to cause a denial of service. This issue only\n affected Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10.\n (CVE-2021-20243)\n \n It was discovered that ImageMagick incorrectly handled certain values\n when processing visual effects based image files. By tricking a user into\n opening a specially crafted image file, an attacker could crash the\n application causing a denial of service. This issue only affected Ubuntu\n 22.10. (CVE-2021-20244)\n \n It was discovered that ImageMagick could be made to divide by zero when\n processing crafted files. By tricking a user into opening a specially\n crafted image file, an attacker could crash the application causing a\n denial of service. This issue only affected Ubuntu 22.10. (CVE-2021-20245)\n \n It was discovered that ImageMagick incorrectly handled certain values\n when performing resampling operations. By tricking a user into opening\n a specially crafted image file, an attacker could crash the application\n causing a denial of service. This issue only affected Ubuntu 22.10.\n (CVE-2021-20246)\n \n It was discovered that ImageMagick incorrectly handled certain values\n when processing visual effects based image files. By tricking a user into\n opening a specially crafted image file, an attacker could crash the\n application causing a denial of service. This issue only affected Ubuntu\n 22.10. (CVE-2021-20309)\n \n It was discovered that ImageMagick incorrectly handled certain values\n when processing thumbnail image data. By tricking a user into opening\n a specially crafted image file, an attacker could crash the application\n causing a denial of service. This issue only affected Ubuntu 22.10.\n (CVE-2021-20312)\n \n It was discovered that ImageMagick incorrectly handled memory cleanup\n when performing certain cryptographic operations. Under certain conditions\n sensitive cryptographic information could be disclosed. This issue only\n affected Ubuntu 22.10. (CVE-2021-20313)\n \n It was discovered that ImageMagick did not properly manage memory under\n certain circumstances. If a user were tricked into opening a specially\n crafted file using the convert command, an attacker could possibly use\n this issue to cause ImageMagick to crash, resulting in a denial of\n service. This issue only affected Ubuntu 22.10. (CVE-2021-3574)\n \n It was discovered that ImageMagick did not use the correct rights when\n specifically excluded by a module policy. An attacker could use this issue\n to read and write certain restricted files. This issue only affected\n Ubuntu 22.10. (CVE-2021-39212)\n \n It was discovered that ImageMagick incorrectly handled certain values\n when processing specially crafted SVG files. By tricking a user into\n opening a specially crafted SVG file, an attacker could crash the\n application causing a denial of service. This issue only affected Ubuntu\n 22.10. (CVE-2021-4219)\n \n It was discovered that ImageMagick did not properly manage memory under\n certain circumstances. If a user were tricked into opening a specially\n crafted DICOM file, an attacker could possibly use this issue to cause\n ImageMagick to crash, resulting in a denial of service, or expose sensitive\n information. This issue only affected Ubuntu 22.10. (CVE-2022-1114)\n \n It was discovered that ImageMagick incorrectly handled memory under\n certain circumstances. If a user were tricked into opening a specially\n crafted image file, an attacker could possibly exploit this issue to cause\n a denial of service or other unspecified impact. This issue only affected\n Ubuntu 22.10. (CVE-2022-28463)\n \n It was discovered that ImageMagick incorrectly handled certain values.\n If a user were tricked into processing a specially crafted image file,\n an attacker could possibly exploit this issue to cause a denial of service\n or other unspecified impact. This issue only affected Ubuntu 14.04 ESM,\n Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2022-32545, CVE-2022-32546)\n \n It was discovered that ImageMagick incorrectly handled memory under\n certain circumstances. If a user were tricked into processing a specially\n crafted image file, an attacker could possibly exploit this issue to cause\n a denial of service or other unspecified impact. This issue only affected\n Ubuntu 14.04 ESM, Ubuntu 18.04 LTS and Ubuntu 22.10. (CVE-2022-32547)\n",
"id": "USN-5736-2",
"modified": "2026-04-27T14:11:29Z",
"published": "2022-11-24T11:23:13Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5736-2"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-3574"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-4219"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20224"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20241"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20243"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20244"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20245"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20246"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20309"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20312"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20313"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-39212"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-1114"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-28463"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-32545"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-32546"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-32547"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "imagemagick vulnerabilities",
"upstream": [
"UBUNTU-CVE-2021-3574",
"UBUNTU-CVE-2021-4219",
"UBUNTU-CVE-2021-20224",
"UBUNTU-CVE-2021-20241",
"UBUNTU-CVE-2021-20243",
"UBUNTU-CVE-2021-20244",
"UBUNTU-CVE-2021-20245",
"UBUNTU-CVE-2021-20246",
"UBUNTU-CVE-2021-20309",
"UBUNTU-CVE-2021-20312",
"UBUNTU-CVE-2021-20313",
"UBUNTU-CVE-2021-39212",
"UBUNTU-CVE-2022-1114",
"UBUNTU-CVE-2022-28463",
"UBUNTU-CVE-2022-32545",
"UBUNTU-CVE-2022-32546",
"UBUNTU-CVE-2022-32547"
]
}
usn-6200-1
Vulnerability from osv_ubuntu
It was discovered that ImageMagick incorrectly handled the "-authenticate" option for password-protected PDF files. An attacker could possibly use this issue to inject additional shell commands and perform arbitrary code execution. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-29599)
It was discovered that ImageMagick incorrectly handled certain values when processing PDF files. If a user or automated system using ImageMagick were tricked into opening a specially crafted PDF file, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-20224)
Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-20241, CVE-2021-20243)
It was discovered that ImageMagick incorrectly handled certain values when processing visual effects based image files. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-20244, CVE-2021-20309)
It was discovered that ImageMagick incorrectly handled certain values when performing resampling operations. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-20246)
It was discovered that ImageMagick incorrectly handled certain values when processing thumbnail image data. By tricking a user into opening a specially crafted image file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-20312)
It was discovered that ImageMagick incorrectly handled memory cleanup when performing certain cryptographic operations. Under certain conditions sensitive cryptographic information could be disclosed. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-20313)
It was discovered that ImageMagick did not use the correct rights when specifically excluded by a module policy. An attacker could use this issue to read and write certain restricted files. This issue only affected Ubuntu 20.04 LTS. (CVE-2021-39212)
It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 20.04 LTS. (CVE-2022-28463, CVE-2022-32545, CVE-2022-32546, CVE-2022-32547)
It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2021-3610, CVE-2023-1906, CVE-2023-3428)
It was discovered that ImageMagick incorrectly handled certain values when processing specially crafted SVG files. By tricking a user into opening a specially crafted SVG file, an attacker could crash the application causing a denial of service. This issue only affected Ubuntu 20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-1289)
It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted tiff file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. This issue only affected Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-3195)
It was discovered that ImageMagick incorrectly handled memory under certain circumstances. If a user were tricked into opening a specially crafted image file, an attacker could possibly exploit this issue to cause a denial of service or other unspecified impact. (CVE-2023-34151)
| URL | Type | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2023-34151",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "imagemagick",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm8"
},
{
"binary_name": "imagemagick-6.q16",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm8"
},
{
"binary_name": "imagemagick-common",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm8"
},
{
"binary_name": "libimage-magick-perl",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm8"
},
{
"binary_name": "libimage-magick-q16-perl",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm8"
},
{
"binary_name": "libmagick++-6-headers",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm8"
},
{
"binary_name": "libmagick++-6.q16-5v5",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm8"
},
{
"binary_name": "libmagickcore-6-arch-config",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm8"
},
{
"binary_name": "libmagickcore-6-headers",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm8"
},
{
"binary_name": "libmagickcore-6.q16-2",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm8"
},
{
"binary_name": "libmagickcore-6.q16-2-extra",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm8"
},
{
"binary_name": "libmagickwand-6-headers",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm8"
},
{
"binary_name": "libmagickwand-6.q16-2",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm8"
},
{
"binary_name": "perlmagick",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm8"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "imagemagick",
"purl": "pkg:deb/ubuntu/imagemagick@8:6.8.9.9-7ubuntu5.16+esm8?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8:6.8.9.9-7ubuntu5.16+esm8"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8:6.8.9.9-5ubuntu2",
"8:6.8.9.9-6",
"8:6.8.9.9-6build1",
"8:6.8.9.9-7",
"8:6.8.9.9-7ubuntu1",
"8:6.8.9.9-7ubuntu2",
"8:6.8.9.9-7ubuntu3",
"8:6.8.9.9-7ubuntu4",
"8:6.8.9.9-7ubuntu5",
"8:6.8.9.9-7ubuntu5.1",
"8:6.8.9.9-7ubuntu5.2",
"8:6.8.9.9-7ubuntu5.3",
"8:6.8.9.9-7ubuntu5.4",
"8:6.8.9.9-7ubuntu5.5",
"8:6.8.9.9-7ubuntu5.6",
"8:6.8.9.9-7ubuntu5.7",
"8:6.8.9.9-7ubuntu5.8",
"8:6.8.9.9-7ubuntu5.9",
"8:6.8.9.9-7ubuntu5.11",
"8:6.8.9.9-7ubuntu5.12",
"8:6.8.9.9-7ubuntu5.13",
"8:6.8.9.9-7ubuntu5.14",
"8:6.8.9.9-7ubuntu5.15",
"8:6.8.9.9-7ubuntu5.16",
"8:6.8.9.9-7ubuntu5.16+esm1",
"8:6.8.9.9-7ubuntu5.16+esm2",
"8:6.8.9.9-7ubuntu5.16+esm3",
"8:6.8.9.9-7ubuntu5.16+esm4",
"8:6.8.9.9-7ubuntu5.16+esm5",
"8:6.8.9.9-7ubuntu5.16+esm6",
"8:6.8.9.9-7ubuntu5.16+esm7"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2023-34151",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:18.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "imagemagick",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
},
{
"binary_name": "imagemagick-6-common",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
},
{
"binary_name": "imagemagick-6.q16",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
},
{
"binary_name": "imagemagick-6.q16hdri",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
},
{
"binary_name": "imagemagick-common",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
},
{
"binary_name": "libimage-magick-perl",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
},
{
"binary_name": "libimage-magick-q16-perl",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
},
{
"binary_name": "libimage-magick-q16hdri-perl",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
},
{
"binary_name": "libmagick++-6-headers",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
},
{
"binary_name": "libmagick++-6.q16-7",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
},
{
"binary_name": "libmagick++-6.q16hdri-7",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
},
{
"binary_name": "libmagickcore-6-arch-config",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
},
{
"binary_name": "libmagickcore-6-headers",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
},
{
"binary_name": "libmagickcore-6.q16-3",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
},
{
"binary_name": "libmagickcore-6.q16-3-extra",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
},
{
"binary_name": "libmagickcore-6.q16hdri-3",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
},
{
"binary_name": "libmagickcore-6.q16hdri-3-extra",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
},
{
"binary_name": "libmagickwand-6-headers",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
},
{
"binary_name": "libmagickwand-6.q16-3",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
},
{
"binary_name": "libmagickwand-6.q16hdri-3",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
},
{
"binary_name": "perlmagick",
"binary_version": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:18.04:LTS",
"name": "imagemagick",
"purl": "pkg:deb/ubuntu/imagemagick@8:6.9.7.4+dfsg-16ubuntu6.15+esm1?arch=source\u0026distro=esm-infra/bionic"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8:6.9.7.4+dfsg-16ubuntu6.15+esm1"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8:6.9.7.4+dfsg-16ubuntu2",
"8:6.9.7.4+dfsg-16ubuntu3",
"8:6.9.7.4+dfsg-16ubuntu4",
"8:6.9.7.4+dfsg-16ubuntu5",
"8:6.9.7.4+dfsg-16ubuntu6",
"8:6.9.7.4+dfsg-16ubuntu6.2",
"8:6.9.7.4+dfsg-16ubuntu6.3",
"8:6.9.7.4+dfsg-16ubuntu6.4",
"8:6.9.7.4+dfsg-16ubuntu6.7",
"8:6.9.7.4+dfsg-16ubuntu6.8",
"8:6.9.7.4+dfsg-16ubuntu6.9",
"8:6.9.7.4+dfsg-16ubuntu6.11",
"8:6.9.7.4+dfsg-16ubuntu6.12",
"8:6.9.7.4+dfsg-16ubuntu6.13",
"8:6.9.7.4+dfsg-16ubuntu6.14",
"8:6.9.7.4+dfsg-16ubuntu6.15"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2020-29599",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "negligible",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20224",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20241",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20243",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20244",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20246",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20309",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20312",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20313",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-39212",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:N",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-28463",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-32545",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-32546",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2022-32547",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:20.04:LTS"
}
},
"ecosystem_specific": {
"availability": "No subscription required",
"binaries": [
{
"binary_name": "imagemagick",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "imagemagick-6-common",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "imagemagick-6.q16",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "imagemagick-6.q16hdri",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "imagemagick-common",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libimage-magick-perl",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libimage-magick-q16-perl",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libimage-magick-q16hdri-perl",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagick++-6-headers",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagick++-6.q16-8",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagick++-6.q16hdri-8",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagickcore-6-arch-config",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagickcore-6-headers",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagickcore-6.q16-6",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagickcore-6.q16-6-extra",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagickcore-6.q16hdri-6",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagickcore-6.q16hdri-6-extra",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagickwand-6-headers",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagickwand-6.q16-6",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "libmagickwand-6.q16hdri-6",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
},
{
"binary_name": "perlmagick",
"binary_version": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
}
]
},
"package": {
"ecosystem": "Ubuntu:20.04:LTS",
"name": "imagemagick",
"purl": "pkg:deb/ubuntu/imagemagick@8:6.9.10.23+dfsg-2.1ubuntu11.9?arch=source\u0026distro=focal"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8:6.9.10.23+dfsg-2.1ubuntu11.9"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8:6.9.10.23+dfsg-2.1ubuntu3",
"8:6.9.10.23+dfsg-2.1ubuntu8",
"8:6.9.10.23+dfsg-2.1ubuntu9",
"8:6.9.10.23+dfsg-2.1ubuntu10",
"8:6.9.10.23+dfsg-2.1ubuntu11",
"8:6.9.10.23+dfsg-2.1ubuntu11.1",
"8:6.9.10.23+dfsg-2.1ubuntu11.2",
"8:6.9.10.23+dfsg-2.1ubuntu11.4",
"8:6.9.10.23+dfsg-2.1ubuntu11.5",
"8:6.9.10.23+dfsg-2.1ubuntu11.6",
"8:6.9.10.23+dfsg-2.1ubuntu11.7"
]
},
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2021-3610",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-1906",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-3195",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2023-3428",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:22.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "imagemagick",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
},
{
"binary_name": "imagemagick-6-common",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
},
{
"binary_name": "imagemagick-6.q16",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
},
{
"binary_name": "imagemagick-6.q16hdri",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
},
{
"binary_name": "imagemagick-common",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
},
{
"binary_name": "libimage-magick-perl",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
},
{
"binary_name": "libimage-magick-q16-perl",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
},
{
"binary_name": "libimage-magick-q16hdri-perl",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
},
{
"binary_name": "libmagick++-6-headers",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
},
{
"binary_name": "libmagick++-6.q16-8",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
},
{
"binary_name": "libmagick++-6.q16hdri-8",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
},
{
"binary_name": "libmagickcore-6-arch-config",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
},
{
"binary_name": "libmagickcore-6-headers",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
},
{
"binary_name": "libmagickcore-6.q16-6",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
},
{
"binary_name": "libmagickcore-6.q16-6-extra",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
},
{
"binary_name": "libmagickcore-6.q16hdri-6",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
},
{
"binary_name": "libmagickcore-6.q16hdri-6-extra",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
},
{
"binary_name": "libmagickwand-6-headers",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
},
{
"binary_name": "libmagickwand-6.q16-6",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
},
{
"binary_name": "libmagickwand-6.q16hdri-6",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
},
{
"binary_name": "perlmagick",
"binary_version": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:22.04:LTS",
"name": "imagemagick",
"purl": "pkg:deb/ubuntu/imagemagick@8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2?arch=source\u0026distro=esm-apps/jammy"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8:6.9.11.60+dfsg-1ubuntu1",
"8:6.9.11.60+dfsg-1.3",
"8:6.9.11.60+dfsg-1.3build1",
"8:6.9.11.60+dfsg-1.3build2",
"8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1",
"8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1+esm1",
"8:6.9.11.60+dfsg-1.3ubuntu0.22.04.2",
"8:6.9.11.60+dfsg-1.3ubuntu0.22.04.2+esm1",
"8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3",
"8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3+esm1"
]
}
],
"aliases": [],
"details": "It was discovered that ImageMagick incorrectly handled the \"-authenticate\"\noption for password-protected PDF files. An attacker could possibly use\nthis issue to inject additional shell commands and perform arbitrary code\nexecution. This issue only affected Ubuntu 20.04 LTS. (CVE-2020-29599)\n\nIt was discovered that ImageMagick incorrectly handled certain values\nwhen processing PDF files. If a user or automated system using ImageMagick\nwere tricked into opening a specially crafted PDF file, an attacker could\nexploit this to cause a denial of service. This issue only affected Ubuntu\n20.04 LTS. (CVE-2021-20224)\n\nZhang Xiaohui discovered that ImageMagick incorrectly handled certain\nvalues when processing image data. If a user or automated system using\nImageMagick were tricked into opening a specially crafted image, an\nattacker could exploit this to cause a denial of service. This issue only\naffected Ubuntu 20.04 LTS. (CVE-2021-20241, CVE-2021-20243)\n\nIt was discovered that ImageMagick incorrectly handled certain values\nwhen processing visual effects based image files. By tricking a user into\nopening a specially crafted image file, an attacker could crash the\napplication causing a denial of service. This issue only affected Ubuntu\n20.04 LTS. (CVE-2021-20244, CVE-2021-20309)\n\nIt was discovered that ImageMagick incorrectly handled certain values\nwhen performing resampling operations. By tricking a user into opening\na specially crafted image file, an attacker could crash the application\ncausing a denial of service. This issue only affected Ubuntu 20.04 LTS.\n(CVE-2021-20246)\n\nIt was discovered that ImageMagick incorrectly handled certain values\nwhen processing thumbnail image data. By tricking a user into opening\na specially crafted image file, an attacker could crash the application\ncausing a denial of service. This issue only affected Ubuntu 20.04 LTS.\n(CVE-2021-20312)\n\nIt was discovered that ImageMagick incorrectly handled memory cleanup\nwhen performing certain cryptographic operations. Under certain conditions\nsensitive cryptographic information could be disclosed. This issue only\naffected Ubuntu 20.04 LTS. (CVE-2021-20313)\n\nIt was discovered that ImageMagick did not use the correct rights when\nspecifically excluded by a module policy. An attacker could use this issue\nto read and write certain restricted files. This issue only affected Ubuntu\n20.04 LTS. (CVE-2021-39212)\n\nIt was discovered that ImageMagick incorrectly handled memory under certain\ncircumstances. If a user were tricked into opening a specially crafted\nimage file, an attacker could possibly exploit this issue to cause a denial\nof service or other unspecified impact. This issue only affected Ubuntu\n20.04 LTS. (CVE-2022-28463, CVE-2022-32545, CVE-2022-32546, CVE-2022-32547)\n\nIt was discovered that ImageMagick incorrectly handled memory under certain\ncircumstances. If a user were tricked into opening a specially crafted\nimage file, an attacker could possibly exploit this issue to cause a denial\nof service or other unspecified impact. This issue only affected Ubuntu\n22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2021-3610, CVE-2023-1906,\nCVE-2023-3428)\n\nIt was discovered that ImageMagick incorrectly handled certain values\nwhen processing specially crafted SVG files. By tricking a user into\nopening a specially crafted SVG file, an attacker could crash the\napplication causing a denial of service. This issue only affected Ubuntu\n20.04 LTS, Ubuntu 22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-1289)\n\nIt was discovered that ImageMagick incorrectly handled memory under certain\ncircumstances. If a user were tricked into opening a specially crafted\ntiff file, an attacker could possibly exploit this issue to cause a denial\nof service or other unspecified impact. This issue only affected Ubuntu\n22.04 LTS, Ubuntu 22.10, and Ubuntu 23.04. (CVE-2023-3195)\n\nIt was discovered that ImageMagick incorrectly handled memory under certain\ncircumstances. If a user were tricked into opening a specially crafted\nimage file, an attacker could possibly exploit this issue to cause a denial\nof service or other unspecified impact. (CVE-2023-34151)\n",
"id": "USN-6200-1",
"modified": "2026-06-25T10:46:14Z",
"published": "2023-07-04T09:23:39Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-6200-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-29599"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-3610"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20224"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20241"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20243"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20244"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20246"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20309"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20312"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20313"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-39212"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-28463"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-32545"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-32546"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2022-32547"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-1289"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-1906"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-3195"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-3428"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2023-34151"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "imagemagick vulnerabilities",
"upstream": [
"UBUNTU-CVE-2020-29599",
"UBUNTU-CVE-2021-3610",
"UBUNTU-CVE-2021-20224",
"UBUNTU-CVE-2021-20241",
"UBUNTU-CVE-2021-20243",
"UBUNTU-CVE-2021-20244",
"UBUNTU-CVE-2021-20246",
"UBUNTU-CVE-2021-20309",
"UBUNTU-CVE-2021-20312",
"UBUNTU-CVE-2021-20313",
"UBUNTU-CVE-2021-39212",
"UBUNTU-CVE-2022-28463",
"UBUNTU-CVE-2022-32545",
"UBUNTU-CVE-2022-32546",
"UBUNTU-CVE-2022-32547",
"UBUNTU-CVE-2023-1289",
"UBUNTU-CVE-2023-1906",
"UBUNTU-CVE-2023-3195",
"UBUNTU-CVE-2023-3428",
"UBUNTU-CVE-2023-34151"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.