Comment 2 for bug 2004580

David Zuelke (dzuelke) wrote:

Any news here? Marc Deslauriers committed a fix for bionic on Feb 9 (https://launchpad.net/ubuntu/bionic/+source/imagemagick/+changelog), but focal and jammy are still vulnerable.

Debian have classified this as severity "grave": https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1030767

I agree with this. It's trivially exploited using a crafted PNG. Every Ruby on Rails app, for example, shells out to `convert` out of the box for image resizing. It's a very standard use case.

Debian have also fixed it in bullseye (= same version as on jammy); only buster (= same version as on focal) remains unpatched.