Ubuntu update for imagemagick
Security Bulletin
This security bulletin contains information about 15 vulnerabilities.
1) Input validation error
EUVDB-ID: #VU61502
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13144
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in ImageMagick. A remote attacker can pass specially crafted image to the application and perform a denial of service (DoS) attack.
MitigationUpdate the affected package imagemagick to the latest version.
Vulnerable software versionsUbuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External linkshttp://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU48719
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-19667
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in ReadXPMImage in coders/xpm.c. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.
MitigationUpdate the affected package imagemagick to the latest version.
Vulnerable software versionsUbuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External linkshttp://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds write
EUVDB-ID: #VU61503
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25664
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within the WriteOnePNGImage() function of the PNG coder at coders/png.c. A remote attacker can create a specially crafted PNG file, pass it to the affected application, trigger an out-of-bounds write and execute arbitrary code on the target system.
MitigationUpdate the affected package imagemagick to the latest version.
Vulnerable software versionsUbuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External linkshttp://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Out-of-bounds read
EUVDB-ID: #VU61504
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25665
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in coders/palm.c when processing PALM images. A remote attacker can create a specially crafted PALM file to the application, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package imagemagick to the latest version.
Vulnerable software versionsUbuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External linkshttp://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Out-of-bounds read
EUVDB-ID: #VU61505
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25674
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the WriteOnePNGImage() from coders/png.c. A remote attacker can create a specially crafted PNG file, pass it to the affected application, trigger an out-of-bounds read error and read contents of memory on the system.
MitigationUpdate the affected package imagemagick to the latest version.
Vulnerable software versionsUbuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External linkshttp://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Integer overflow
EUVDB-ID: #VU61507
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25676
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo() function inMagickCore/pixel.c. A remote attacker can pass specially crafted image to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package imagemagick to the latest version.
Vulnerable software versionsUbuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External linkshttp://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Division by zero
EUVDB-ID: #VU61571
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27750
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error within the MagickCore/colorspace-private.h and MagickCore/quantum.h files in ImageMagick. A remote attacker can pass specially crafted data to the application and crash it.
Update the affected package imagemagick to the latest version.
Vulnerable software versionsUbuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External linkshttp://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Memory leak
EUVDB-ID: #VU61506
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27753
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak in /coders/miff.c. A remote attacker can pass a specially crafted MIFF file to the application and perform denial of service attack.
MitigationUpdate the affected package imagemagick to the latest version.
Vulnerable software versionsUbuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External linkshttp://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Division by zero
EUVDB-ID: #VU61572
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27760
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a divide-by-zero vulnerability in the GammaImage() function of /MagickCore/enhance.c. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
Update the affected package imagemagick to the latest version.
Vulnerable software versionsUbuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External linkshttp://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Integer overflow
EUVDB-ID: #VU61573
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27762
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow within coders/hdr.c file in ImageMagick. A remote attacker can pass specially crafted data to the application, trigger integer overflow and crash the application.
Update the affected package imagemagick to the latest version.
Vulnerable software versionsUbuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External linkshttp://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Integer overflow
EUVDB-ID: #VU61574
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27766
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to integer overflow within the MagickCore/statistic.c file in ImageMagick. A remote attacker can pass specially crafted data to the application, trigger integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationUpdate the affected package imagemagick to the latest version.
Vulnerable software versionsUbuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External linkshttp://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Integer overflow
EUVDB-ID: #VU61575
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27770
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to integer overflow in the SubstituteString() function in ImageMagick. A remote attacker can pass specially crafted data to the application, trigger integer overflow and crash the application.
Update the affected package imagemagick to the latest version.
Vulnerable software versionsUbuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External linkshttp://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Division by zero
EUVDB-ID: #VU61578
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-20176
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error within the gem.c file in ImageMagick. A remote attacker can pass specially crafted data to the application and crash it.
Update the affected package imagemagick to the latest version.
Vulnerable software versionsUbuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External linkshttp://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Division by zero
EUVDB-ID: #VU61576
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-20241
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error within the coders/jp2.c file in ImageMagick. A remote attacker can pass specially crafted data to the application and crash it.
Update the affected package imagemagick to the latest version.
Vulnerable software versionsUbuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External linkshttp://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Division by zero
EUVDB-ID: #VU61577
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-20243
CWE-ID:
CWE-369 - Divide By Zero
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error within the MagickCore/resize.c file in ImageMagick. A remote attacker can pass specially crafted data to the application and crash it.
Update the affected package imagemagick to the latest version.
Vulnerable software versionsUbuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External linkshttp://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
