UBUNTU-CVE-2024-41817

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2024-41817

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2024/UBUNTU-CVE-2024-41817.json

JSON Data

https://api.osv.dev/v1/vulns/UBUNTU-CVE-2024-41817

Related

CVE-2024-41817

Withdrawn

2025-06-23T15:58:46Z

Published

2024-07-29T16:15:00Z

Modified

2024-07-29T16:15:00Z

Summary

[none]

Details

ImageMagick is a free and open-source software suite, used for editing and manipulating digital images. The AppImage version ImageMagick might use an empty path when setting MAGICK_CONFIGURE_PATH and LD_LIBRARY_PATH environment variables while executing, which might lead to arbitrary code execution by loading malicious configuration files or shared libraries in the current working directory while executing ImageMagick. The vulnerability is fixed in 7.11-36.

References

Affected packages

Ubuntu:Pro:14.04:LTS / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/ubuntu/imagemagick

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.7.7.10-5ubuntu3

8:6.7.7.10-5ubuntu4

8:6.7.7.10-6ubuntu1

8:6.7.7.10-6ubuntu2

8:6.7.7.10-6ubuntu3

8:6.7.7.10-6ubuntu3.1

8:6.7.7.10-6ubuntu3.2

8:6.7.7.10-6ubuntu3.3

8:6.7.7.10-6ubuntu3.4

8:6.7.7.10-6ubuntu3.5

8:6.7.7.10-6ubuntu3.6

8:6.7.7.10-6ubuntu3.7

8:6.7.7.10-6ubuntu3.8

8:6.7.7.10-6ubuntu3.9

8:6.7.7.10-6ubuntu3.11

8:6.7.7.10-6ubuntu3.12

8:6.7.7.10-6ubuntu3.13

8:6.7.7.10-6ubuntu3.13+esm1

8:6.7.7.10-6ubuntu3.13+esm2

8:6.7.7.10-6ubuntu3.13+esm3

8:6.7.7.10-6ubuntu3.13+esm4

8:6.7.7.10-6ubuntu3.13+esm5

8:6.7.7.10-6ubuntu3.13+esm6

8:6.7.7.10-6ubuntu3.13+esm7

8:6.7.7.10-6ubuntu3.13+esm8

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:16.04:LTS / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/ubuntu/imagemagick

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.8.9.9-5ubuntu2

8:6.8.9.9-6

8:6.8.9.9-6build1

8:6.8.9.9-7

8:6.8.9.9-7ubuntu1

8:6.8.9.9-7ubuntu2

8:6.8.9.9-7ubuntu3

8:6.8.9.9-7ubuntu4

8:6.8.9.9-7ubuntu5

8:6.8.9.9-7ubuntu5.1

8:6.8.9.9-7ubuntu5.2

8:6.8.9.9-7ubuntu5.3

8:6.8.9.9-7ubuntu5.4

8:6.8.9.9-7ubuntu5.5

8:6.8.9.9-7ubuntu5.6

8:6.8.9.9-7ubuntu5.7

8:6.8.9.9-7ubuntu5.8

8:6.8.9.9-7ubuntu5.9

8:6.8.9.9-7ubuntu5.11

8:6.8.9.9-7ubuntu5.12

8:6.8.9.9-7ubuntu5.13

8:6.8.9.9-7ubuntu5.14

8:6.8.9.9-7ubuntu5.15

8:6.8.9.9-7ubuntu5.16

8:6.8.9.9-7ubuntu5.16+esm1

8:6.8.9.9-7ubuntu5.16+esm2

8:6.8.9.9-7ubuntu5.16+esm3

8:6.8.9.9-7ubuntu5.16+esm4

8:6.8.9.9-7ubuntu5.16+esm5

8:6.8.9.9-7ubuntu5.16+esm6

8:6.8.9.9-7ubuntu5.16+esm7

8:6.8.9.9-7ubuntu5.16+esm8

8:6.8.9.9-7ubuntu5.16+esm9

8:6.8.9.9-7ubuntu5.16+esm10

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/ubuntu/imagemagick

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.9.7.4+dfsg-16ubuntu2

8:6.9.7.4+dfsg-16ubuntu3

8:6.9.7.4+dfsg-16ubuntu4

8:6.9.7.4+dfsg-16ubuntu5

8:6.9.7.4+dfsg-16ubuntu6

8:6.9.7.4+dfsg-16ubuntu6.2

8:6.9.7.4+dfsg-16ubuntu6.3

8:6.9.7.4+dfsg-16ubuntu6.4

8:6.9.7.4+dfsg-16ubuntu6.7

8:6.9.7.4+dfsg-16ubuntu6.8

8:6.9.7.4+dfsg-16ubuntu6.9

8:6.9.7.4+dfsg-16ubuntu6.11

8:6.9.7.4+dfsg-16ubuntu6.12

8:6.9.7.4+dfsg-16ubuntu6.13

8:6.9.7.4+dfsg-16ubuntu6.14

8:6.9.7.4+dfsg-16ubuntu6.15

8:6.9.7.4+dfsg-16ubuntu6.15+esm1

8:6.9.7.4+dfsg-16ubuntu6.15+esm2

8:6.9.7.4+dfsg-16ubuntu6.15+esm3

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/ubuntu/imagemagick

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.9.10.23+dfsg-2.1ubuntu3

8:6.9.10.23+dfsg-2.1ubuntu8

8:6.9.10.23+dfsg-2.1ubuntu9

8:6.9.10.23+dfsg-2.1ubuntu10

8:6.9.10.23+dfsg-2.1ubuntu11

8:6.9.10.23+dfsg-2.1ubuntu11.1

8:6.9.10.23+dfsg-2.1ubuntu11.2

8:6.9.10.23+dfsg-2.1ubuntu11.4

8:6.9.10.23+dfsg-2.1ubuntu11.5

8:6.9.10.23+dfsg-2.1ubuntu11.6

8:6.9.10.23+dfsg-2.1ubuntu11.7

8:6.9.10.23+dfsg-2.1ubuntu11.9

8:6.9.10.23+dfsg-2.1ubuntu11.10

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/ubuntu/imagemagick

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.9.11.60+dfsg-1ubuntu1

8:6.9.11.60+dfsg-1.3

8:6.9.11.60+dfsg-1.3build1

8:6.9.11.60+dfsg-1.3build2

8:6.9.11.60+dfsg-1.3ubuntu0.22.04.1

8:6.9.11.60+dfsg-1.3ubuntu0.22.04.2

8:6.9.11.60+dfsg-1.3ubuntu0.22.04.3

8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:24.04:LTS / imagemagick

Package

Name: imagemagick
Purl: pkg:deb/ubuntu/imagemagick

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

8:6.*

8:6.9.11.60+dfsg-1.6ubuntu1

8:6.9.12.98+dfsg1-5

8:6.9.12.98+dfsg1-5.2build1

8:6.9.12.98+dfsg1-5.2build2

Ecosystem specific

{
    "ubuntu_priority": "medium"
}