usn-5335-1
Vulnerability from osv_ubuntu
It was discovered that ImageMagick incorrectly handled certain values when processing XPM image data or large images. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2020-19667, CVE-2017-13144)
Suhwan Song discovered that ImageMagick incorrectly handled memory when processing PNG,PALM,MIFF image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service or possibly execute code with the privileges of the user invoking the program. (CVE-2020-25664, CVE-2020-25665, CVE-2020-25674, CVE-2020-27753)
Suhwan Song discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2020-25676, CVE-2020-27750, CVE-2020-27760, CVE-2020-27762, CVE-2020-27766, CVE-2020-27770)
Zhang Xiaohui discovered that ImageMagick incorrectly handled certain values when processing image data. If a user or automated system using ImageMagick were tricked into opening a specially crafted image, an attacker could exploit this to cause a denial of service. (CVE-2021-20176, CVE-2021-20241, CVE-2021-20243)
{
"affected": [
{
"database_specific": {
"cves_map": {
"cves": [
{
"id": "CVE-2017-13144",
"severity": [
{
"score": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "negligible",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-19667",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-25664",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:H",
"type": "CVSS_V3"
},
{
"score": "medium",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-25665",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-25674",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-25676",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-27750",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-27753",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-27760",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-27762",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-27766",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2020-27770",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20176",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20241",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
},
{
"id": "CVE-2021-20243",
"severity": [
{
"score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"type": "CVSS_V3"
},
{
"score": "low",
"type": "Ubuntu"
}
]
}
],
"ecosystem": "Ubuntu:Pro:16.04:LTS"
}
},
"ecosystem_specific": {
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro",
"binaries": [
{
"binary_name": "imagemagick",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm2"
},
{
"binary_name": "imagemagick-6.q16",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm2"
},
{
"binary_name": "imagemagick-common",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm2"
},
{
"binary_name": "libimage-magick-perl",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm2"
},
{
"binary_name": "libimage-magick-q16-perl",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm2"
},
{
"binary_name": "libmagick++-6-headers",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm2"
},
{
"binary_name": "libmagick++-6.q16-5v5",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm2"
},
{
"binary_name": "libmagickcore-6-arch-config",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm2"
},
{
"binary_name": "libmagickcore-6-headers",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm2"
},
{
"binary_name": "libmagickcore-6.q16-2",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm2"
},
{
"binary_name": "libmagickcore-6.q16-2-extra",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm2"
},
{
"binary_name": "libmagickwand-6-headers",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm2"
},
{
"binary_name": "libmagickwand-6.q16-2",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm2"
},
{
"binary_name": "perlmagick",
"binary_version": "8:6.8.9.9-7ubuntu5.16+esm2"
}
]
},
"package": {
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"name": "imagemagick",
"purl": "pkg:deb/ubuntu/imagemagick@8:6.8.9.9-7ubuntu5.16+esm2?arch=source\u0026distro=esm-infra/xenial"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "8:6.8.9.9-7ubuntu5.16+esm2"
}
],
"type": "ECOSYSTEM"
}
],
"versions": [
"8:6.8.9.9-5ubuntu2",
"8:6.8.9.9-6",
"8:6.8.9.9-6build1",
"8:6.8.9.9-7",
"8:6.8.9.9-7ubuntu1",
"8:6.8.9.9-7ubuntu2",
"8:6.8.9.9-7ubuntu3",
"8:6.8.9.9-7ubuntu4",
"8:6.8.9.9-7ubuntu5",
"8:6.8.9.9-7ubuntu5.1",
"8:6.8.9.9-7ubuntu5.2",
"8:6.8.9.9-7ubuntu5.3",
"8:6.8.9.9-7ubuntu5.4",
"8:6.8.9.9-7ubuntu5.5",
"8:6.8.9.9-7ubuntu5.6",
"8:6.8.9.9-7ubuntu5.7",
"8:6.8.9.9-7ubuntu5.8",
"8:6.8.9.9-7ubuntu5.9",
"8:6.8.9.9-7ubuntu5.11",
"8:6.8.9.9-7ubuntu5.12",
"8:6.8.9.9-7ubuntu5.13",
"8:6.8.9.9-7ubuntu5.14",
"8:6.8.9.9-7ubuntu5.15",
"8:6.8.9.9-7ubuntu5.16",
"8:6.8.9.9-7ubuntu5.16+esm1"
]
}
],
"aliases": [],
"details": "It was discovered that ImageMagick incorrectly handled certain values\nwhen processing XPM image data or large images. If a user or automated\nsystem using ImageMagick were tricked into opening a specially crafted\nimage, an attacker could exploit this to cause a denial of service or\npossibly execute code with the privileges of the user invoking the program.\n(CVE-2020-19667, CVE-2017-13144)\n\nSuhwan Song discovered that ImageMagick incorrectly handled memory\nwhen processing PNG,PALM,MIFF image data. If a user or automated system\nusing ImageMagick were tricked into opening a specially crafted image,\nan attacker could exploit this to cause a denial of service or possibly\nexecute code with the privileges of the user invoking the program.\n(CVE-2020-25664, CVE-2020-25665, CVE-2020-25674, CVE-2020-27753)\n\nSuhwan Song discovered that ImageMagick incorrectly handled certain values\nwhen processing image data. If a user or automated system using\nImageMagick were tricked into opening a specially crafted image, an\nattacker could exploit this to cause a denial of service.\n(CVE-2020-25676, CVE-2020-27750, CVE-2020-27760, CVE-2020-27762,\nCVE-2020-27766, CVE-2020-27770)\n\nZhang Xiaohui discovered that ImageMagick incorrectly handled certain values\nwhen processing image data. If a user or automated system using\nImageMagick were tricked into opening a specially crafted image, an\nattacker could exploit this to cause a denial of service.\n(CVE-2021-20176, CVE-2021-20241, CVE-2021-20243)\n",
"id": "USN-5335-1",
"modified": "2026-06-25T10:46:04Z",
"published": "2022-03-18T11:18:34Z",
"references": [
{
"type": "ADVISORY",
"url": "https://ubuntu.com/security/notices/USN-5335-1"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2017-13144"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-19667"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-25664"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-25665"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-25674"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-25676"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-27750"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-27753"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-27760"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-27762"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-27766"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2020-27770"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20176"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20241"
},
{
"type": "REPORT",
"url": "https://ubuntu.com/security/CVE-2021-20243"
}
],
"related": [],
"schema_version": "1.7.0",
"summary": "imagemagick vulnerabilities",
"upstream": [
"UBUNTU-CVE-2017-13144",
"UBUNTU-CVE-2020-19667",
"UBUNTU-CVE-2020-25664",
"UBUNTU-CVE-2020-25665",
"UBUNTU-CVE-2020-25674",
"UBUNTU-CVE-2020-25676",
"UBUNTU-CVE-2020-27750",
"UBUNTU-CVE-2020-27753",
"UBUNTU-CVE-2020-27760",
"UBUNTU-CVE-2020-27762",
"UBUNTU-CVE-2020-27766",
"UBUNTU-CVE-2020-27770",
"UBUNTU-CVE-2021-20176",
"UBUNTU-CVE-2021-20241",
"UBUNTU-CVE-2021-20243"
]
}
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.