Ubuntu Security Update USN-5855-4: ImageMagick vulnerabilities

[LinuxBot]

USN-5855-1 fixed vulnerabilities in ImageMagick. This update provides the corresponding updates for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. Original advisory details: It was discovered that ImageMagick incorrectly handled certain PNG images. If a user or automated system were tricked into opening a specially crafted PNG file, an attacker could use this issue to cause ImageMagick to stop responding, resulting in a denial of service, or possibly obtain the contents of arbitrary files by including them into images.

Continue reading...

 

[Condobloke]

I realise the 'problem' can be mitigated by updating the ubuntu version.....but......I am still wary of imagemagick. The fact that it 'comes along' with other apps....with no warning of its presence is disturbing.

I cannot remember the specific app I was about to install, but I hesitated long and hard when I noticed that imagemagick was included in its "also necessary' add ons.
I chose not to install.

Interested to know where imagemagick is present on your pc ?

from here : https://forums.linuxmint.com/viewtopic.php?t=229236

If you are using Synaptic Package Manager, you can filter for imagemagick, select imagemagick, click Dependencies (I have Settings -> General -> "Show package properties in the main window" checked. Otherwise you'll have to right-click and select Properties). In the Dependencies dropdown, select Dependants. There's a long list of applications dependant on ImageMagick.

Or from the command line:
CODE: SELECT ALL
# See who depends on imagemagick
apt-cache rdepends imagemagick

# See how imagemagick got installed
aptitude why imagemagick