ESB-2026.3150 PUBLISHED CVSS 6.5 MEDIUM

===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2026.3150
                  USN-8127-1: ImageMagick vulnerabilities
                               1 April 2026

===========================================================================

        AUSCERT Security Bulletin Summary
        ---------------------------------

Product:           ImageMagick
Publisher:         Ubuntu
Operating System:  Ubuntu
Resolution:        Patch/Upgrade
CVE Names:         CVE-2026-25795 CVE-2026-25796 CVE-2026-25799
                   CVE-2026-25988 CVE-2026-23952 CVE-2026-26066
                   CVE-2026-30883 CVE-2026-25798 CVE-2026-25970
                   CVE-2026-32636

Original Bulletin:
   https://ubuntu.com/security/notices/USN-8127-1

Comment: CVSS (Max):  6.5 CVE-2026-23952 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
         CVSS Source: Ubuntu
         Calculator:  https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
         EPSS (Max):  0.2% (35th) CVE-2026-25798 2026-03-30

- --------------------------BEGIN INCLUDED TEXT--------------------

USN-8127-1: ImageMagick vulnerabilities

Publication date

30 March 2026

Overview

Several security issues were fixed in ImageMagick.

Releases

  o 24.04 LTS
  o 22.04 LTS
  o 20.04 LTS
  o 18.04 LTS
  o 16.04 LTS
  o 14.04 LTS

---------------------------------------------------------------------------------

Packages

  o imagemagick - Image manipulation programs and library

Details

It was discovered that ImageMagick did not properly process certain tags
prior to an image being loaded. An attacker could possibly use this issue
to cause ImageMagick to crash, resulting in a denial of service.
(CVE-2026-23952)

It was discovered that ImageMagick did not properly handle temporary file
creation failures. An attacker could possibly use this issue to cause
ImageMagick to crash, resulting in a denial of service. (CVE-2026-25795)

It was discovered that ImageMagick did not properly manage memory under
certain conditions. An attacker could possibly use this issue to cause
ImageMagick to consume resources, resulting in a denial of service.
(CVE-2026-25796)

It was discovered that ImageMagick incorrectly handled certain specially
crafted image files. An attacker could possibly use this issue to cause
ImageMagick to crash, resulting in a denial of service. (CVE-2026-25798)

It was discovered that ImageMagick did not properly validate certain YUV
sampling factors. An attacker could possibly use this issue to cause
ImageMagick to crash, resulting in a denial of service. (CVE-2026-25799)

It was discovered that ImageMagick incorrectly handled certain specially
crafted image files. An attacker could possibly use this issue to cause
ImageMagick to crash, resulting in a denial of service. This issue only
affected Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, Ubuntu
22.04 LTS and Ubuntu 24.04 LTS. (CVE-2026-25970)

It was discovered that ImageMagick incorrectly managed memory when
handling certain specially crafted image files. An attacker could possibly
use this issue to cause ImageMagick to consume resources, resulting in a
denial of service. (CVE-2026-25988)

It was discovered that ImageMagick incorrectly handled certain crafted
image profiles. An attacker could possibly use this issue to cause
ImageMagick to consume available resources, resulting in a denial of
service. (CVE-2026-26066)

It was discovered that ImageMagick incorrectly handled large image
profiles when encoding PNG images. An attacker could use this issue to
cause ImageMagick to crash, resulting in a denial of service, or possibly
execute arbitrary code. (CVE-2026-30883)

Kamil Frankowicz discovered that ImageMagick incorrectly handled certain
XML data. An attacker could possibly use this issue to cause ImageMagick
to crash, resulting in a denial of service. (CVE-2026-32636)

---------------------------------------------------------------------------------

Update instructions

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 24.04 LTS (noble)

Ubuntu Pro: Fix available with Ubuntu Pro via ESM Apps. A community fix
might become publicly available in the future.

  o imagemagick-6.q16 - 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8
  o imagemagick-6.q16hdri - 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8
  o libimage-magick-q16-perl - 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8
  o libimage-magick-q16hdri-perl - 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8
  o libmagick++-6.q16-9t64 - 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8
  o libmagick++-6.q16hdri-9t64 - 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8
  o libmagickcore-6-headers - 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8
  o libmagickcore-6.q16-7-extra - 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8
  o libmagickcore-6.q16-7t64 - 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8
  o libmagickcore-6.q16hdri-7-extra - 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8
  o libmagickcore-6.q16hdri-7t64 - 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8
  o libmagickwand-6.q16-7t64 - 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8
  o libmagickwand-6.q16hdri-7t64 - 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8

Ubuntu 22.04 LTS (jammy)

Ubuntu Pro: Fix available with Ubuntu Pro via ESM Apps. A community fix
might become publicly available in the future.

  o imagemagick-6.q16 - 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9
  o imagemagick-6.q16hdri - 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9
  o libimage-magick-q16-perl - 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9
  o libimage-magick-q16hdri-perl - 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9
  o libmagick++-6.q16-8 - 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9
  o libmagick++-6.q16hdri-8 - 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9
  o libmagickcore-6.q16-6 - 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9
  o libmagickcore-6.q16-6-extra - 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9
  o libmagickcore-6.q16hdri-6 - 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9
  o libmagickcore-6.q16hdri-6-extra - 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9
  o libmagickwand-6.q16-6 - 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9
  o libmagickwand-6.q16hdri-6 - 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9

Ubuntu 20.04 LTS (focal)

Ubuntu Pro: Fix available with Ubuntu Pro via ESM Apps. A community fix
might become publicly available in the future.

  o libimage-magick-q16-perl - 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm9
  o libimage-magick-q16hdri-perl - 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm9
  o libmagickcore-6.q16-6 - 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm9
  o libmagickcore-6.q16-6-extra - 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm9
  o libmagickcore-6.q16hdri-6 - 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm9
  o libmagickcore-6.q16hdri-6-extra - 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm9

Ubuntu 18.04 LTS (bionic)

Ubuntu Pro: Fix available with Ubuntu Pro.

  o imagemagick-6.q16 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm11
  o imagemagick-6.q16hdri - 8:6.9.7.4+dfsg-16ubuntu6.15+esm11
  o libimage-magick-q16-perl - 8:6.9.7.4+dfsg-16ubuntu6.15+esm11
  o libimage-magick-q16hdri-perl - 8:6.9.7.4+dfsg-16ubuntu6.15+esm11
  o libmagick++-6.q16-7 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm11
  o libmagick++-6.q16hdri-7 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm11
  o libmagickcore-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm11
  o libmagickcore-6.q16-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.15+esm11
  o libmagickcore-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm11
  o libmagickcore-6.q16hdri-3-extra - 8:6.9.7.4+dfsg-16ubuntu6.15+esm11
  o libmagickwand-6.q16-3 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm11
  o libmagickwand-6.q16hdri-3 - 8:6.9.7.4+dfsg-16ubuntu6.15+esm11

Ubuntu 16.04 LTS (xenial)

Ubuntu Pro: Fix available with Ubuntu Pro.

  o imagemagick-6.q16 - 8:6.8.9.9-7ubuntu5.16+esm19
  o libimage-magick-q16-perl - 8:6.8.9.9-7ubuntu5.16+esm19
  o libmagick++-6.q16-5v5 - 8:6.8.9.9-7ubuntu5.16+esm19
  o libmagickcore-6.q16-2 - 8:6.8.9.9-7ubuntu5.16+esm19
  o libmagickcore-6.q16-2-extra - 8:6.8.9.9-7ubuntu5.16+esm19
  o libmagickwand-6-headers - 8:6.8.9.9-7ubuntu5.16+esm19
  o libmagickwand-6.q16-2 - 8:6.8.9.9-7ubuntu5.16+esm19

Ubuntu 14.04 LTS (trusty)

Ubuntu Pro: Fix available with Ubuntu Pro via Legacy Support add-on.

  o imagemagick - 8:6.7.7.10-6ubuntu3.13+esm20
  o imagemagick-common - 8:6.7.7.10-6ubuntu3.13+esm20
  o libmagick++5 - 8:6.7.7.10-6ubuntu3.13+esm20
  o libmagickcore5 - 8:6.7.7.10-6ubuntu3.13+esm20
  o libmagickcore5-extra - 8:6.7.7.10-6ubuntu3.13+esm20
  o libmagickwand5 - 8:6.7.7.10-6ubuntu3.13+esm20
  o perlmagick - 8:6.7.7.10-6ubuntu3.13+esm20

---------------------------------------------------------------------------------

References

  o CVE-2026-32636
  o CVE-2026-30883
  o CVE-2026-26066
  o CVE-2026-25988
  o CVE-2026-25970
  o CVE-2026-25799
  o CVE-2026-25798
  o CVE-2026-25796
  o CVE-2026-25795
  o CVE-2026-23952

- --------------------------END INCLUDED TEXT----------------------

You have received this e-mail bulletin as a result of your organisation's
registration with AUSCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.

NOTE: Third Party Rights
This security bulletin is provided as a service to AUSCERT's members. As
AUSCERT did not write the document quoted above, AUSCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AUSCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://portal.auscert.org.au/bulletins/

===========================================================================
AUSCERT
The University of Queensland, Brisbane QLD 4072 Australia
e: auscert@auscert.org.au
t: +61 (0)7 3365 4417
Allies in Cyber Security
===========================================================================
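
One way to check a host against the fixed versions in the update instructions, as an added example that is not part of the Ubuntu or AUSCERT text: it re-implements dpkg's version ordering (epoch, then upstream version, then revision, with `~` sorting before everything, end of string included) so the comparison runs without dpkg. The function names and the installed versions in `SAMPLE` are constructed for illustration; the `FIXED` values are the bulletin's.

```python
import re
# Fixed version per release codename, copied from the bulletin's table.
FIXED = {
    "noble": "8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8",
    "jammy": "8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm9",
    "focal": "8:6.9.10.23+dfsg-2.1ubuntu11.11+esm9",
    "bionic": "8:6.9.7.4+dfsg-16ubuntu6.15+esm11",
    "xenial": "8:6.8.9.9-7ubuntu5.16+esm19",
    "trusty": "8:6.7.7.10-6ubuntu3.13+esm20",
}
# Constructed sample of `dpkg-query -W -f='${Package} ${Version}\n'` output.
SAMPLE = """\
imagemagick-6.q16 8:6.9.12.98+dfsg1-5.2build2
libmagickcore-6.q16-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm7
libmagickwand-6.q16-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm8
libmagick++-6.q16-9t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm10
"""

def _order(c):
    # dpkg ordering: '~' < end of run < letters < other symbols
    return -1 if c == "~" else 0 if not c else ord(c) + (0 if c.isalpha() else 256)

def _cmp_part(a, b):
    # Alternate non-digit runs (dpkg ordering) and digit runs (numeric).
    while a or b:
        ra, na, a = re.match(r"(\D*)(\d*)(.*)", a).groups()
        rb, nb, b = re.match(r"(\D*)(\d*)(.*)", b).groups()
        for i in range(max(len(ra), len(rb))):
            diff = _order(ra[i:i + 1]) - _order(rb[i:i + 1])
            if diff:
                return diff
        if int(na or 0) != int(nb or 0):
            return int(na or 0) - int(nb or 0)
    return 0

def _split(v):
    epoch, rest = v.split(":", 1) if ":" in v else ("0", v)
    upstream, sep, rev = rest.rpartition("-")
    return int(epoch), (upstream if sep else rest), (rev if sep else "")

def deb_cmp(v1, v2):
    """Negative, zero or positive as v1 sorts before, equal to or after v2."""
    (e1, u1, r1), (e2, u2, r2) = _split(v1), _split(v2)
    return (e1 - e2) or _cmp_part(u1, u2) or _cmp_part(r1, r2)

def outdated(dpkg_lines, release):
    """Names from 'package version' lines that sort before the release's fix."""
    rows = (line.split() for line in dpkg_lines.splitlines() if line.strip())
    return [name for name, ver in rows if deb_cmp(ver, FIXED[release]) < 0]
```

On a real host, pass `outdated()` the `dpkg-query` output for the packages listed for that release; `dpkg --compare-versions` applies the same ordering natively.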

Risk Scores

CVSS v3.1
6.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor   Product       Versions
Ubuntu   ImageMagick
