This security bulletin contains information about 3 vulnerabilities.
EUVDB-ID: #VU64947
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32545
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to integer overflow in coders/psd.c in the ImageMagick when processing crafted or untrusted input. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service attack.
MitigationUpdate the affected package imagemagick to the latest version.
Vulnerable software versionsUbuntu: 16.04
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
http://ubuntu.com/security/notices/USN-5534-1
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU64948
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32546
CWE-ID:
CWE-190 - Integer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to integer overflow in coders/pcl.c in the ImageMagick when processing crafted or untrusted input. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service attack.
Update the affected package imagemagick to the latest version.
Vulnerable software versionsUbuntu: 16.04
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
http://ubuntu.com/security/notices/USN-5534-1
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?
EUVDB-ID: #VU64949
Risk: Low
CVSSv3.1:
CVE-ID: CVE-2022-32547
CWE-ID:
CWE-704 - Incorrect Type Conversion or Cast (Type Conversion)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service attack.
The vulnerability exists due to a load of misaligned address for type 'double' in MagickCore/property.c. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service attack.
MitigationUpdate the affected package imagemagick to the latest version.
Vulnerable software versionsUbuntu: 16.04
libmagickcore-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagickwand-6.q16-2 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagickcore-6-headers (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagickcore-6.q16-2-extra (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libmagick++-6.q16-5v5 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
imagemagick-6.q16 (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
libimage-magick-q16-perl (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
imagemagick (Ubuntu package): before 8:6.8.9.97ubuntu5.16+esm4
http://ubuntu.com/security/notices/USN-5534-1
Can this vulnerability be exploited remotely?
Is there known malware, which exploits this vulnerability?