UBUNTU-CVE-2024-41817

Source
https://ubuntu.com/security/CVE-2024-41817
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-41817.json
JSON Data
https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-41817
Related
Withdrawn
2025-06-23T15:58:46Z
Published
2024-07-29T16:15:00Z
Modified
2024-07-29T16:15:00Z
Summary
[none]
Details

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICK_CONFIGURE_PATH and LD_LIBRARY_PATH environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing ImageMagick. The vulnerability is fixed in 7.11-36.

References

Affected packages

Ubuntu:Pro:14.04:LTS / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/ubuntu/imagemagick

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.7.7.10-5ubuntu3
8:6.7.7.10-5ubuntu4
8:6.7.7.10-6ubuntu1
8:6.7.7.10-6ubuntu2
8:6.7.7.10-6ubuntu3
8:6.7.7.10-6ubuntu3.1
8:6.7.7.10-6ubuntu3.2
8:6.7.7.10-6ubuntu3.3
8:6.7.7.10-6ubuntu3.4
8:6.7.7.10-6ubuntu3.5
8:6.7.7.10-6ubuntu3.6
8:6.7.7.10-6ubuntu3.7
8:6.7.7.10-6ubuntu3.8
8:6.7.7.10-6ubuntu3.9
8:6.7.7.10-6ubuntu3.11
8:6.7.7.10-6ubuntu3.12
8:6.7.7.10-6ubuntu3.13
8:6.7.7.10-6ubuntu3.13+esm1
8:6.7.7.10-6ubuntu3.13+esm2
8:6.7.7.10-6ubuntu3.13+esm3
8:6.7.7.10-6ubuntu3.13+esm4
8:6.7.7.10-6ubuntu3.13+esm5
8:6.7.7.10-6ubuntu3.13+esm6
8:6.7.7.10-6ubuntu3.13+esm7
8:6.7.7.10-6ubuntu3.13+esm8

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/ubuntu/imagemagick

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.8.9.9-5ubuntu2
8:6.8.9.9-6
8:6.8.9.9-6build1
8:6.8.9.9-7
8:6.8.9.9-7ubuntu1
8:6.8.9.9-7ubuntu2
8:6.8.9.9-7ubuntu3
8:6.8.9.9-7ubuntu4
8:6.8.9.9-7ubuntu5
8:6.8.9.9-7ubuntu5.1
8:6.8.9.9-7ubuntu5.2
8:6.8.9.9-7ubuntu5.3
8:6.8.9.9-7ubuntu5.4
8:6.8.9.9-7ubuntu5.5
8:6.8.9.9-7ubuntu5.6
8:6.8.9.9-7ubuntu5.7
8:6.8.9.9-7ubuntu5.8
8:6.8.9.9-7ubuntu5.9
8:6.8.9.9-7ubuntu5.11
8:6.8.9.9-7ubuntu5.12
8:6.8.9.9-7ubuntu5.13
8:6.8.9.9-7ubuntu5.14
8:6.8.9.9-7ubuntu5.15
8:6.8.9.9-7ubuntu5.16
8:6.8.9.9-7ubuntu5.16+esm1
8:6.8.9.9-7ubuntu5.16+esm2
8:6.8.9.9-7ubuntu5.16+esm3
8:6.8.9.9-7ubuntu5.16+esm4
8:6.8.9.9-7ubuntu5.16+esm5
8:6.8.9.9-7ubuntu5.16+esm6
8:6.8.9.9-7ubuntu5.16+esm7
8:6.8.9.9-7ubuntu5.16+esm8
8:6.8.9.9-7ubuntu5.16+esm9
8:6.8.9.9-7ubuntu5.16+esm10

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/ubuntu/imagemagick

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.9.7.4+dfsg-16ubuntu2
8:6.9.7.4+dfsg-16ubuntu3
8:6.9.7.4+dfsg-16ubuntu4
8:6.9.7.4+dfsg-16ubuntu5
8:6.9.7.4+dfsg-16ubuntu6
8:6.9.7.4+dfsg-16ubuntu6.2
8:6.9.7.4+dfsg-16ubuntu6.3
8:6.9.7.4+dfsg-16ubuntu6.4
8:6.9.7.4+dfsg-16ubuntu6.7
8:6.9.7.4+dfsg-16ubuntu6.8
8:6.9.7.4+dfsg-16ubuntu6.9
8:6.9.7.4+dfsg-16ubuntu6.11
8:6.9.7.4+dfsg-16ubuntu6.12
8:6.9.7.4+dfsg-16ubuntu6.13
8:6.9.7.4+dfsg-16ubuntu6.14
8:6.9.7.4+dfsg-16ubuntu6.15
8:6.9.7.4+dfsg-16ubuntu6.15+esm1
8:6.9.7.4+dfsg-16ubuntu6.15+esm2
8:6.9.7.4+dfsg-16ubuntu6.15+esm3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/ubuntu/imagemagick

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.9.10.23+dfsg-2.1ubuntu3
8:6.9.10.23+dfsg-2.1ubuntu8
8:6.9.10.23+dfsg-2.1ubuntu9
8:6.9.10.23+dfsg-2.1ubuntu10
8:6.9.10.23+dfsg-2.1ubuntu11
8:6.9.10.23+dfsg-2.1ubuntu11.1
8:6.9.10.23+dfsg-2.1ubuntu11.2
8:6.9.10.23+dfsg-2.1ubuntu11.4
8:6.9.10.23+dfsg-2.1ubuntu11.5
8:6.9.10.23+dfsg-2.1ubuntu11.6
8:6.9.10.23+dfsg-2.1ubuntu11.7
8:6.9.10.23+dfsg-2.1ubuntu11.9
8:6.9.10.23+dfsg-2.1ubuntu11.10

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/ubuntu/imagemagick

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.9.11.60+dfsg-1ubuntu1
8:6.9.11.60+dfsg-1.3
8:6.9.11.60+dfsg-1.3build1
8:6.9.11.60+dfsg-1.3build2
8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1
8:6.9.11.60+dfsg-1.3ubuntu0.22.04.2
8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3
8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / imagemagick

Package

Name
imagemagick
Purl
pkg:deb/ubuntu/imagemagick

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.9.11.60+dfsg-1.6ubuntu1
8:6.9.12.98+dfsg1-5
8:6.9.12.98+dfsg1-5.2build1
8:6.9.12.98+dfsg1-5.2build2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}