SecurityHome.eu [USN-8263-1] ImageMagick vulnerabilities

Home / mailings PDF

[USN-8263-1] ImageMagick vulnerabilities
Posted on 12 May 2026
Ubuntu Security
==========================================================================Ubuntu Security Notice USN-8263-1
May 11, 2026

imagemagick vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in ImageMagick.

Software Description:
- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled certain malformed
image files in certain instances. If a user or automated system using
ImageMagick were tricked into opening a specially crafted image, an
attacker could possibly use these issues to cause a denial of service or
possibly execute code. These issues only affected Ubuntu 14.04 LTS.
(CVE-2018-15607, CVE-2018-18544, CVE-2019-13137, CVE-2019-13391,
CVE-2019-13391)

It was discovered that ImageMagick incorrectly handled certain malformed
image files in certain instances. If a user or automated system using
ImageMagick were tricked into opening a specially crafted image, an
attacker could possibly use these issues to cause a denial of service or
possibly execute code. (CVE-2026-24481, CVE-2026-24484, CVE-2026-24485,
CVE-2026-25576, CVE-2026-25638, CVE-2026-25797, CVE-2026-25965)

It was discovered that ImageMagick incorrectly handled certain malformed
image files in certain instances. If a user or automated system using
ImageMagick were tricked into opening a specifically crafted image, an
attacker could possibly use these issues to cause a denial of service or
possibly execute code. These issues only affected Ubuntu 25.10.
(CVE-2026-25637, CVE-2026-25794, CVE-2026-25795, CVE-2026-25796,
CVE-2026-25797, CVE-2026-25798, CVE-2026-25799, CVE-2026-25897,
CVE-2026-25898)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
imagemagick-7.q16 8:7.1.2.3+dfsg1-1ubuntu0.1
imagemagick-7.q16hdri 8:7.1.2.3+dfsg1-1ubuntu0.1
libmagick++-7.q16-5 8:7.1.2.3+dfsg1-1ubuntu0.1
libmagick++-7.q16hdri-5 8:7.1.2.3+dfsg1-1ubuntu0.1
libmagickcore-7.q16-10 8:7.1.2.3+dfsg1-1ubuntu0.1
libmagickcore-7.q16-10-extra 8:7.1.2.3+dfsg1-1ubuntu0.1
libmagickcore-7.q16hdri-10 8:7.1.2.3+dfsg1-1ubuntu0.1
libmagickcore-7.q16hdri-10-extra 8:7.1.2.3+dfsg1-1ubuntu0.1
libmagickwand-7.q16-10 8:7.1.2.3+dfsg1-1ubuntu0.1
libmagickwand-7.q16hdri-10 8:7.1.2.3+dfsg1-1ubuntu0.1

Ubuntu 24.04 LTS
imagemagick-6.q16 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro
imagemagick-6.q16hdri 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro
libmagick++-6-headers 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro
libmagick++-6.q16-9t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro
libmagick++-6.q16hdri-9t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro
libmagickcore-6.q16-7-extra 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro
libmagickcore-6.q16-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro
libmagickcore-6.q16hdri-7-extra 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro
libmagickcore-6.q16hdri-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro
libmagickwand-6.q16-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro
libmagickwand-6.q16hdri-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro

Ubuntu 22.04 LTS
imagemagick-6.q16 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro
imagemagick-6.q16hdri 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro
libmagick++-6.q16-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro
libmagick++-6.q16hdri-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro
libmagickcore-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro
libmagickcore-6.q16-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro
libmagickcore-6.q16hdri-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro
libmagickcore-6.q16hdri-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro
libmagickwand-6-headers 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro
libmagickwand-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro
libmagickwand-6.q16hdri-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro

Ubuntu 20.04 LTS
imagemagick-6.q16 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10
Available with Ubuntu Pro
imagemagick-6.q16hdri 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10
Available with Ubuntu Pro
libmagick++-6.q16-8 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10
Available with Ubuntu Pro
libmagick++-6.q16hdri-8 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10
Available with Ubuntu Pro
libmagickcore-6.q16-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10
Available with Ubuntu Pro
libmagickcore-6.q16-6-extra 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10
Available with Ubuntu Pro
libmagickcore-6.q16hdri-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10
Available with Ubuntu Pro
libmagickcore-6.q16hdri-6-extra 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10
Available with Ubuntu Pro
libmagickwand-6.q16-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10
Available with Ubuntu Pro
libmagickwand-6.q16hdri-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10
Available with Ubuntu Pro

Ubuntu 18.04 LTS
imagemagick-6.q16 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro
imagemagick-6.q16hdri 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro
libmagick++-6.q16-7 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro
libmagick++-6.q16hdri-7 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro
libmagickcore-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro
libmagickcore-6.q16-3-extra 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro
libmagickcore-6.q16hdri-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro
libmagickcore-6.q16hdri-3-extra 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro
libmagickwand-6-headers 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro
libmagickwand-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro
libmagickwand-6.q16hdri-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro

Ubuntu 16.04 LTS
imagemagick-6.q16 8:6.8.9.9-7ubuntu5.16+esm20
Available with Ubuntu Pro
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.16+esm20
Available with Ubuntu Pro
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm20
Available with Ubuntu Pro
libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.16+esm20
Available with Ubuntu Pro
libmagickwand-6-headers 8:6.8.9.9-7ubuntu5.16+esm20
Available with Ubuntu Pro
libmagickwand-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm20
Available with Ubuntu Pro

Ubuntu 14.04 LTS
libmagick++5 8:6.7.7.10-6ubuntu3.13+esm21
Available with Ubuntu Pro
libmagickcore5 8:6.7.7.10-6ubuntu3.13+esm21
Available with Ubuntu Pro
libmagickcore5-extra 8:6.7.7.10-6ubuntu3.13+esm21
Available with Ubuntu Pro
libmagickwand5 8:6.7.7.10-6ubuntu3.13+esm21
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8263-1
CVE-2026-24481, CVE-2026-24484, CVE-2026-24485, CVE-2026-25576,
CVE-2026-25637, CVE-2026-25638, CVE-2026-25794, CVE-2026-25795,
CVE-2026-25796, CVE-2026-25797, CVE-2026-25798, CVE-2026-25799,
CVE-2026-25897, CVE-2026-25898, CVE-2026-25965

Package Information:
https://launchpad.net/ubuntu/+source/imagemagick/8:7.1.2.3+dfsg1-1ubuntu0.1

--===============8777361741267659861==Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature

TOP

Mailings :

Last 20

Exploits :

Last 20