USN-2132-1: ImageMagick vulnerabilities
6 March 2014
ImageMagick could be made to crash or run programs if it opened a specially crafted image file.
Releases
Packages
- imagemagick - Image manipulation programs and library
Details
Aleksis Kauppinen, Joonas Kuorilehto and Tuomas Parttimaa discovered that
ImageMagick incorrectly handled certain restart markers in JPEG images. If
a user or automated system using ImageMagick were tricked into opening a
specially crafted JPEG image, an attacker could exploit this to cause
memory consumption, resulting in a denial of service. This issue only
affected Ubuntu 12.04 LTS. (CVE-2012-0260)
It was discovered that ImageMagick incorrectly handled decoding certain PSD
images. If a user or automated system using ImageMagick were tricked into
opening a specially crafted PSD image, an attacker could exploit this to
cause a denial of service or possibly execute code with the privileges of
the user invoking the program. (CVE-2014-1958, CVE-2014-2030)
Update instructions
The problem can be corrected by updating your system to the following package versions:
Ubuntu 13.10
Ubuntu 12.10
Ubuntu 12.04
In general, a standard system update will make all the necessary changes.