Ubuntu released two security updates to address critical flaws in ImageMagick and Exim across several supported distributions. The first notice covers multiple versions of the image processing library, warning that specially crafted pictures could trick the software into running malicious code or crashing entirely. Meanwhile, mail server admins running Ubuntu 22.04 through 26.04 need to patch a parsing flaw that lets attackers crash the service or execute arbitrary commands. Both issues resolve through routine package updates, so system administrators should apply the latest security patches as soon as possible to keep their infrastructure secure.

[USN-8263-1] ImageMagick vulnerabilities
[USN-8270-1] Exim vulnerability

[USN-8263-1] ImageMagick vulnerabilities

==========================================================================
Ubuntu Security Notice USN-8263-1
May 11, 2026

imagemagick vulnerabilities
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS
- Ubuntu 20.04 LTS
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
- Ubuntu 14.04 LTS

Summary:

Several security issues were fixed in ImageMagick.

Software Description:
- imagemagick: Image manipulation programs and library

Details:

It was discovered that ImageMagick incorrectly handled certain malformed
image files in certain instances. If a user or automated system using
ImageMagick were tricked into opening a specially crafted image, an
attacker could possibly use these issues to cause a denial of service or
possibly execute code. These issues only affected Ubuntu 14.04 LTS.
(CVE-2018-15607, CVE-2018-18544, CVE-2019-13137, CVE-2019-13391,
CVE-2019-13391)

It was discovered that ImageMagick incorrectly handled certain malformed
image files in certain instances. If a user or automated system using
ImageMagick were tricked into opening a specially crafted image, an
attacker could possibly use these issues to cause a denial of service or
possibly execute code. (CVE-2026-24481, CVE-2026-24484, CVE-2026-24485,
CVE-2026-25576, CVE-2026-25638, CVE-2026-25797, CVE-2026-25965)

It was discovered that ImageMagick incorrectly handled certain malformed
image files in certain instances. If a user or automated system using
ImageMagick were tricked into opening a specifically crafted image, an
attacker could possibly use these issues to cause a denial of service or
possibly execute code. These issues only affected Ubuntu 25.10.
(CVE-2026-25637, CVE-2026-25794, CVE-2026-25795, CVE-2026-25796,
CVE-2026-25797, CVE-2026-25798, CVE-2026-25799, CVE-2026-25897,
CVE-2026-25898)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 25.10
imagemagick-7.q16 8:7.1.2.3+dfsg1-1ubuntu0.1
imagemagick-7.q16hdri 8:7.1.2.3+dfsg1-1ubuntu0.1
libmagick++-7.q16-5 8:7.1.2.3+dfsg1-1ubuntu0.1
libmagick++-7.q16hdri-5 8:7.1.2.3+dfsg1-1ubuntu0.1
libmagickcore-7.q16-10 8:7.1.2.3+dfsg1-1ubuntu0.1
libmagickcore-7.q16-10-extra 8:7.1.2.3+dfsg1-1ubuntu0.1
libmagickcore-7.q16hdri-10 8:7.1.2.3+dfsg1-1ubuntu0.1
libmagickcore-7.q16hdri-10-extra 8:7.1.2.3+dfsg1-1ubuntu0.1
libmagickwand-7.q16-10 8:7.1.2.3+dfsg1-1ubuntu0.1
libmagickwand-7.q16hdri-10 8:7.1.2.3+dfsg1-1ubuntu0.1

Ubuntu 24.04 LTS
imagemagick-6.q16 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro
imagemagick-6.q16hdri 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro
libmagick++-6-headers 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro
libmagick++-6.q16-9t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro
libmagick++-6.q16hdri-9t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro
libmagickcore-6.q16-7-extra 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro
libmagickcore-6.q16-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro
libmagickcore-6.q16hdri-7-extra 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro
libmagickcore-6.q16hdri-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro
libmagickwand-6.q16-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro
libmagickwand-6.q16hdri-7t64 8:6.9.12.98+dfsg1-5.2ubuntu0.1~esm9
Available with Ubuntu Pro

Ubuntu 22.04 LTS
imagemagick-6.q16 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro
imagemagick-6.q16hdri 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro
libmagick++-6.q16-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro
libmagick++-6.q16hdri-8 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro
libmagickcore-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro
libmagickcore-6.q16-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro
libmagickcore-6.q16hdri-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro
libmagickcore-6.q16hdri-6-extra 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro
libmagickwand-6-headers 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro
libmagickwand-6.q16-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro
libmagickwand-6.q16hdri-6 8:6.9.11.60+dfsg-1.3ubuntu0.22.04.5+esm10
Available with Ubuntu Pro

Ubuntu 20.04 LTS
imagemagick-6.q16 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10
Available with Ubuntu Pro
imagemagick-6.q16hdri 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10
Available with Ubuntu Pro
libmagick++-6.q16-8 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10
Available with Ubuntu Pro
libmagick++-6.q16hdri-8 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10
Available with Ubuntu Pro
libmagickcore-6.q16-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10
Available with Ubuntu Pro
libmagickcore-6.q16-6-extra 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10
Available with Ubuntu Pro
libmagickcore-6.q16hdri-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10
Available with Ubuntu Pro
libmagickcore-6.q16hdri-6-extra 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10
Available with Ubuntu Pro
libmagickwand-6.q16-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10
Available with Ubuntu Pro
libmagickwand-6.q16hdri-6 8:6.9.10.23+dfsg-2.1ubuntu11.11+esm10
Available with Ubuntu Pro

Ubuntu 18.04 LTS
imagemagick-6.q16 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro
imagemagick-6.q16hdri 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro
libmagick++-6.q16-7 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro
libmagick++-6.q16hdri-7 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro
libmagickcore-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro
libmagickcore-6.q16-3-extra 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro
libmagickcore-6.q16hdri-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro
libmagickcore-6.q16hdri-3-extra 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro
libmagickwand-6-headers 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro
libmagickwand-6.q16-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro
libmagickwand-6.q16hdri-3 8:6.9.7.4+dfsg-16ubuntu6.15+esm12
Available with Ubuntu Pro

Ubuntu 16.04 LTS
imagemagick-6.q16 8:6.8.9.9-7ubuntu5.16+esm20
Available with Ubuntu Pro
libmagick++-6.q16-5v5 8:6.8.9.9-7ubuntu5.16+esm20
Available with Ubuntu Pro
libmagickcore-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm20
Available with Ubuntu Pro
libmagickcore-6.q16-2-extra 8:6.8.9.9-7ubuntu5.16+esm20
Available with Ubuntu Pro
libmagickwand-6-headers 8:6.8.9.9-7ubuntu5.16+esm20
Available with Ubuntu Pro
libmagickwand-6.q16-2 8:6.8.9.9-7ubuntu5.16+esm20
Available with Ubuntu Pro

Ubuntu 14.04 LTS
libmagick++5 8:6.7.7.10-6ubuntu3.13+esm21
Available with Ubuntu Pro
libmagickcore5 8:6.7.7.10-6ubuntu3.13+esm21
Available with Ubuntu Pro
libmagickcore5-extra 8:6.7.7.10-6ubuntu3.13+esm21
Available with Ubuntu Pro
libmagickwand5 8:6.7.7.10-6ubuntu3.13+esm21
Available with Ubuntu Pro

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8263-1
CVE-2026-24481, CVE-2026-24484, CVE-2026-24485, CVE-2026-25576,
CVE-2026-25637, CVE-2026-25638, CVE-2026-25794, CVE-2026-25795,
CVE-2026-25796, CVE-2026-25797, CVE-2026-25798, CVE-2026-25799,
CVE-2026-25897, CVE-2026-25898, CVE-2026-25965

Package Information:
https://launchpad.net/ubuntu/+source/imagemagick/8:7.1.2.3+dfsg1-1ubuntu0.1

[USN-8270-1] Exim vulnerability

==========================================================================
Ubuntu Security Notice USN-8270-1
May 12, 2026

exim4 vulnerability
==========================================================================

A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 26.04 LTS
- Ubuntu 25.10
- Ubuntu 24.04 LTS
- Ubuntu 22.04 LTS

Summary:

Exim could be made to crash or run programs if it received specially
crafted network traffic.

Software Description:
- exim4: Exim is a mail transport agent

Details:

It was discovered that Exim incorrectly handled BDAT body parsing. A remote
attacker could use this issue to cause Exim to crash, resulting in a denial
of service, or possibly execute arbitrary code.

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 26.04 LTS
exim4 4.99.1-1ubuntu1.2
exim4-base 4.99.1-1ubuntu1.2
eximon4 4.99.1-1ubuntu1.2

Ubuntu 25.10
exim4 4.98.2-1ubuntu2.2
exim4-base 4.98.2-1ubuntu2.2
eximon4 4.98.2-1ubuntu2.2

Ubuntu 24.04 LTS
exim4 4.97-4ubuntu4.5
exim4-base 4.97-4ubuntu4.5
eximon4 4.97-4ubuntu4.5

Ubuntu 22.04 LTS
exim4 4.95-4ubuntu2.8
exim4-base 4.95-4ubuntu2.8
eximon4 4.95-4ubuntu2.8

In general, a standard system update will make all the necessary changes.

References:
https://ubuntu.com/security/notices/USN-8270-1
https://launchpad.net/bugs/2152202

Package Information:
https://launchpad.net/ubuntu/+source/exim4/4.99.1-1ubuntu1.2
https://launchpad.net/ubuntu/+source/exim4/4.98.2-1ubuntu2.2
https://launchpad.net/ubuntu/+source/exim4/4.97-4ubuntu4.5
https://launchpad.net/ubuntu/+source/exim4/4.95-4ubuntu2.8