SB2026040101 - Ubuntu update for imagemagick

Security Bulletin ID SB2026040101

CSH Severity

Medium

Patch available

YES

Number of vulnerabilities 10

Exploitation vector Remote access

Highest impact Denial of service

Breakdown by Severity

Low
Medium
High
Critical

Description

This security bulletin contains information about 10 vulnerabilities.

1) NULL pointer dereference (CVE-ID: CVE-2026-23952)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in MSL parser within "comment" tag before image load. A remote user can pass specially crafted data to the application and perform a denial of service (DoS) attack.

2) NULL pointer dereference (CVE-ID: CVE-2026-25795)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in the "ReadSFWImage()" function. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

3) Memory leak (CVE-ID: CVE-2026-25796)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in the "ReadSTEGANOImage()" function on multiple error/early-return paths. A remote attacker can force the application to leak memory and perform denial of service attack.

4) NULL pointer dereference (CVE-ID: CVE-2026-25798)

CWE-ID: CWE-476 - NULL Pointer Dereference

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a NULL pointer dereference error in ClonePixelCacheRepository. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.

5) Division by zero (CVE-ID: CVE-2026-25799)

CWE-ID: CWE-369 - Divide By Zero

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to the divide-by-zero issue in YUV sampling factor validation. A remote attacker can cause a denial of service condition on the target system.

6) Integer overflow (CVE-ID: CVE-2026-25970)

CWE-ID: CWE-190 - Integer overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to integer overflow in SIXEL decoder. A remote attacker can pass specially crafted data to the application, trigger integer overflow and cause a denial of service condition on the target system.

7) Memory leak (CVE-ID: CVE-2026-25988)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform DoS attack on the target system.

The vulnerability exists due memory leak in msl.c. A remote attacker can force the application to leak memory and perform denial of service attack.

8) Resource exhaustion (CVE-ID: CVE-2026-26066)

CWE-ID: CWE-400 - Resource exhaustion

CVSSv4: CVSS:4.0/AV:L/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a local attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to application does not properly control consumption of internal resources when writing IPTCTEXT. A local attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.

9) Heap-based buffer overflow (CVE-ID: CVE-2026-30883)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error when writing extremely large image profile in the PNG encoder. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and cause a denial of service condition on the target system.

10) Heap-based buffer overflow (CVE-ID: CVE-2026-32636)

CWE-ID: CWE-122 - Heap-based Buffer Overflow

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Green

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to a boundary error in the NewXMLTree method. A remote attacker can pass specially crafted data to the application, trigger a heap-based buffer overflow and cause a denial of service condition on the target system.

Remediation

Install update from vendor's website.

References

https://ubuntu.com/security/notices/USN-8127-1

SB2026040101 - Ubuntu update for imagemagick

Breakdown by Severity

Description

Remediation

References

Please verify you're human