SecurityHome.eu [USN-8069-1] ImageMagick vulnerabilities

Home / mailings PDF

[USN-8069-1] ImageMagick vulnerabilities
Posted on 04 March 2026
Ubuntu Security
==========================================================================Ubuntu Security Notice USN-8069-1
March 04, 2026

imagemagick vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in ImageMagick.

Software Description:
- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick did not properly decode certain SUN
image files. An attacker could use this issue to cause ImageMagick to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2026-25897)

It was discovered that ImageMagick did not properly validate pixel index
values when writing UIL and XPM image files. An attacker could use this issue
to cause ImageMagick to crash, resulting in a denial of service, or possibly
obtain sensitive information. (CVE-2026-25898)

It was discovered that ImageMagick's MSL decoder did not properly handle
certain attribute values. An attacker could use this issue to cause ImageMagick
to crash, resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2026-25968)

It was discovered that ImageMagick's MSL decoder did not properly handle memory
when processing certain script elements. An attacker could use this issue to
cause ImageMagick to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2026-25983)

It was discovered that ImageMagick did not properly handle certain YUV image
files. An attacker could use this issue to cause ImageMagick to crash,
resulting in a denial of service, or possibly execute arbitrary code.
(CVE-2026-25986)

It was discovered that ImageMagick did not properly handle certain MAP image
files. An attacker could use this issue to cause ImageMagick to crash,
resulting in a denial of service, or possibly obtain sensitive information.
(CVE-2026-25987)

It was discovered that ImageMagick's PCD decoder did not properly process
Huffman-coded data. An attacker could use this issue to cause ImageMagick to
crash, resulting in a denial of service, or possibly obtain sensitive
information. (CVE-2026-26284)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS
imagemagick-6.q16 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm7
Available with Ubuntu Pro
imagemagick-6.q16hdri 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm7
Available with Ubuntu Pro
libimage-magick-q16-perl 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm7
Available with Ubuntu Pro
libimage-magick-q16hdri-perl 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm7
Available with Ubuntu Pro
libmagick++-6.q16-9t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm7
Available with Ubuntu Pro
libmagick++-6.q16hdri-9t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm7
Available with Ubuntu Pro
libmagickcore-6.q16-7-extra 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm7
Available with Ubuntu Pro
libmagickcore-6.q16-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm7
Available with Ubuntu Pro
libmagickcore-6.q16hdri-7-extra 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm7
Available with Ubuntu Pro
libmagickcore-6.q16hdri-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm7
Available with Ubuntu Pro
libmagickwand-6.q16-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm7
Available with Ubuntu Pro
libmagickwand-6.q16hdri-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm7
Available with Ubuntu Pro

Ubuntu 22.04 LTS
imagemagick-6.q16 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm8
Available with Ubuntu Pro
imagemagick-6.q16hdri 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm8
Available with Ubuntu Pro
libimage-magick-q16-perl 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm8
Available with Ubuntu Pro
libimage-magick-q16hdri-perl 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm8
Available with Ubuntu Pro
libmagick++-6.q16-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm8
Available with Ubuntu Pro
libmagick++-6.q16hdri-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm8
Available with Ubuntu Pro
libmagickcore-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm8
Available with Ubuntu Pro
libmagickcore-6.q16-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm8
Available with Ubuntu Pro
libmagickcore-6.q16hdri-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm8
Available with Ubuntu Pro
libmagickcore-6.q16hdri-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm8
Available with Ubuntu Pro
libmagickwand-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm8
Available with Ubuntu Pro
libmagickwand-6.q16hdri-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm8
Available with Ubuntu Pro

Ubuntu 20.04 LTS
libimage-magick-q16-perl 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm8
Available with Ubuntu Pro
libimage-magick-q16hdri-perl 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm8
Available with Ubuntu Pro
libmagickcore-6.q16-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm8
Available with Ubuntu Pro
libmagickcore-6.q16-6-extra 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm8
Available with Ubuntu Pro
libmagickcore-6.q16hdri-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm8
Available with Ubuntu Pro
libmagickcore-6.q16hdri-6-extra 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm8
Available with Ubuntu Pro

Ubuntu 18.04 LTS
imagemagick-6.q16 8:6.9.7.4+dfsg-16ubuntu6.15+esm10
Available with Ubuntu Pro
imagemagick-6.q16hdri 8:6.9.7.4+dfsg-16ubuntu6.15+esm10
Available with Ubuntu Pro
libimage-magick-q16-perl 8:6.9.7.4+dfsg-16ubuntu6.15+esm10
Available with Ubuntu Pro
libimage-magick-q16hdri-perl 8:6.9.7.4+dfsg-16ubuntu6.15+esm10
Available with Ubuntu Pro
libmagick++-6.q16-7 8:6.9.7.4+dfsg-16ubuntu6.15+esm10
Available with Ubuntu Pro
libmagick++-6.q16hdri-7 8:6.9.7.4+dfsg-16ubuntu6.15+esm10
Available with Ubuntu Pro
libmagickcore-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm10
Available with Ubuntu Pro
libmagickcore-6.q16-3-extra 8:6.9.7.4+dfsg-16ubuntu6.15+esm10
Available with Ubuntu Pro
libmagickcore-6.q16hdri-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm10
Available with Ubuntu Pro
libmagickcore-6.q16hdri-3-extra 8:6.9.7.4+dfsg-16ubuntu6.15+esm10
Available with Ubuntu Pro
libmagickwand-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm10
Available with Ubuntu Pro
libmagickwand-6.q16hdri-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm10
Available with Ubuntu Pro

Ubuntu 16.04 LTS
imagemagick-6.q16 8:6.8.9.9-7ubuntu5.16+esm18
Available with Ubuntu Pro
libimage-magick-q16-perl 8:6.8.9.9-7ubuntu5.16+esm18
Available with Ubuntu Pro
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.16+esm18
Available with Ubuntu Pro
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm18
Available with Ubuntu Pro
libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.16+esm18
Available with Ubuntu Pro
libmagickwand-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm18
Available with Ubuntu Pro

Ubuntu 14.04 LTS
imagemagick 8:6.7.7.10-6ubuntu3.13+esm19
Available with Ubuntu Pro
imagemagick-common 8:6.7.7.10-6ubuntu3.13+esm19
Available with Ubuntu Pro
libmagick++5 8:6.7.7.10-6ubuntu3.13+esm19
Available with Ubuntu Pro
libmagickcore5 8:6.7.7.10-6ubuntu3.13+esm19
Available with Ubuntu Pro
libmagickcore5-extra 8:6.7.7.10-6ubuntu3.13+esm19
Available with Ubuntu Pro
libmagickwand5 8:6.7.7.10-6ubuntu3.13+esm19
Available with Ubuntu Pro
perlmagick 8:6.7.7.10-6ubuntu3.13+esm19
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8069-1
CVE-2026-25897, CVE-2026-25898, CVE-2026-25968, CVE-2026-25983,
CVE-2026-25986, CVE-2026-25987, CVE-2026-26284

--===============2378575355513818329==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

TOP

Mailings :

Last 20

Exploits :

Last 20