Security Bulletin
This security bulletin contains information about 15 vulnerabilities.
EUVDB-ID: #VU61502
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2017-13144
CWE-ID: CWE-20 - Improper input validation
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in ImageMagick. A remote attacker can pass a specially crafted image to the application and perform a denial of service (DoS) attack.
Mitigation
Update the affected package imagemagick to the latest version.
Vulnerable software versions
Ubuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External links
http://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU48719
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-19667
CWE-ID: CWE-119 - Memory corruption
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error in ReadXPMImage in coders/xpm.c. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.
Mitigation
Update the affected package imagemagick to the latest version.
Vulnerable software versions
Ubuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External links
http://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61503
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25664
CWE-ID: CWE-787 - Out-of-bounds write
Exploit availability: No
Description
The vulnerability allows a remote attacker to compromise a vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within the WriteOnePNGImage() function of the PNG coder at coders/png.c. A remote attacker can create a specially crafted PNG file, pass it to the affected application, trigger an out-of-bounds write and execute arbitrary code on the target system.
Mitigation
Update the affected package imagemagick to the latest version.
Vulnerable software versions
Ubuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External links
http://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61504
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25665
CWE-ID: CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in coders/palm.c when processing PALM images. A remote attacker can create a specially crafted PALM file, pass it to the application, trigger an out-of-bounds read error and read contents of memory on the system.
Mitigation
Update the affected package imagemagick to the latest version.
Vulnerable software versions
Ubuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External links
http://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61505
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25674
CWE-ID: CWE-125 - Out-of-bounds read
Exploit availability: No
Description
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the WriteOnePNGImage() function in coders/png.c. A remote attacker can create a specially crafted PNG file, pass it to the affected application, trigger an out-of-bounds read error and read contents of memory on the system.
Mitigation
Update the affected package imagemagick to the latest version.
Vulnerable software versions
Ubuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External links
http://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61507
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-25676
CWE-ID: CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow within the CatromWeights(), MeshInterpolate(), InterpolatePixelChannel(), InterpolatePixelChannels(), and InterpolatePixelInfo() functions in MagickCore/pixel.c. A remote attacker can pass a specially crafted image to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected package imagemagick to the latest version.
Vulnerable software versions
Ubuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External links
http://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61571
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27750
CWE-ID: CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error within the MagickCore/colorspace-private.h and MagickCore/quantum.h files in ImageMagick. A remote attacker can pass specially crafted data to the application and crash it.
Mitigation
Update the affected package imagemagick to the latest version.
Vulnerable software versions
Ubuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External links
http://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61506
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27753
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a DoS attack on the target system.
The vulnerability exists due to a memory leak in /coders/miff.c. A remote attacker can pass a specially crafted MIFF file to the application and perform a denial of service attack.
Mitigation
Update the affected package imagemagick to the latest version.
Vulnerable software versions
Ubuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External links
http://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61572
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27760
CWE-ID: CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a divide-by-zero error in the GammaImage() function of /MagickCore/enhance.c. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
Mitigation
Update the affected package imagemagick to the latest version.
Vulnerable software versions
Ubuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External links
http://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61573
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27762
CWE-ID: CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer overflow within the coders/hdr.c file in ImageMagick. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and crash the application.
Mitigation
Update the affected package imagemagick to the latest version.
Vulnerable software versions
Ubuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External links
http://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61574
Risk: High
CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27766
CWE-ID: CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an integer overflow within the MagickCore/statistic.c file in ImageMagick. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
Mitigation
Update the affected package imagemagick to the latest version.
Vulnerable software versions
Ubuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External links
http://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61575
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-27770
CWE-ID: CWE-190 - Integer overflow
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to an integer overflow in the SubstituteString() function in ImageMagick. A remote attacker can pass specially crafted data to the application, trigger an integer overflow and crash the application.
Mitigation
Update the affected package imagemagick to the latest version.
Vulnerable software versions
Ubuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External links
http://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61578
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-20176
CWE-ID: CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error within the gem.c file in ImageMagick. A remote attacker can pass specially crafted data to the application and crash it.
Mitigation
Update the affected package imagemagick to the latest version.
Vulnerable software versions
Ubuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External links
http://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61576
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-20241
CWE-ID: CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error within the coders/jp2.c file in ImageMagick. A remote attacker can pass specially crafted data to the application and crash it.
Mitigation
Update the affected package imagemagick to the latest version.
Vulnerable software versions
Ubuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External links
http://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU61577
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-20243
CWE-ID: CWE-369 - Divide By Zero
Exploit availability: No
Description
The vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a division by zero error within the MagickCore/resize.c file in ImageMagick. A remote attacker can pass specially crafted data to the application and crash it.
Mitigation
Update the affected package imagemagick to the latest version.
Vulnerable software versions
Ubuntu: 16.04
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickwand-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-arch-config (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
perlmagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libmagickcore-6.q16-dev (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
imagemagick-common (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
libimage-magick-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm2
External links
http://ubuntu.com/security/notices/USN-5335-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.