SB2022072647 - Ubuntu update for imagemagick

Description

This security bulletin contains information about 3 secuirty vulnerabilities.

1) Integer overflow (CVE-ID: CVE-2022-32545)

The vulnerability allows a remote attacker to perform a denial of service attack. 

The vulnerability exists due to integer overflow in coders/psd.c in the ImageMagick when processing crafted or untrusted input. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service attack. 

2) Integer overflow (CVE-ID: CVE-2022-32546)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to integer overflow in coders/pcl.c in the ImageMagick when processing crafted or untrusted input. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service attack.

3) Type conversion (CVE-ID: CVE-2022-32547)

The vulnerability allows a remote attacker to perform a denial of service attack.

The vulnerability exists due to a load of misaligned address for type 'double' in MagickCore/property.c. A remote attacker can trick the victim into opening a specially crafted file and perform a denial of service attack.

Remediation

Install update from vendor's website.

References

• https://ubuntu.com/security/notices/USN-5534-1