Security Bulletin
This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU64947
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32545
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to integer overflow in coders/psd.c in the ImageMagick when processing crafted or untrusted input. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service attack.
MitigationUpdate the affected package imagemagick to the latest version.
Vulnerable software versionsUbuntu: 16.04
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
External linkshttp://ubuntu.com/security/notices/USN-5534-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64948
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32546
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to integer overflow in coders/pcl.c in the ImageMagick when processing crafted or untrusted input. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service attack.
Update the affected package imagemagick to the latest version.
Vulnerable software versionsUbuntu: 16.04
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
External linkshttp://ubuntu.com/security/notices/USN-5534-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU64949
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2022-32547
CWE-ID:
CWE-704 - Type conversion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a load of misaligned address for type 'double' in MagickCore/property.c. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service attack.
MitigationUpdate the affected package imagemagick to the latest version.
Vulnerable software versionsUbuntu: 16.04
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
External linkshttp://ubuntu.com/security/notices/USN-5534-1
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.