CVE-2021-45463
Published: 2021-12-23
Severity: high · 7.8 · CVSS 3.1
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.
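The flaw class described above, as an added C illustration (not GEGL's code and not a reproduction of its fix): the same pathname is handed to a helper once through `system()` and once as a single `argv` element with no shell. The function names, the `/tmp` sample path and the use of `test -f` as a stand-in for the external converter are assumptions made for the example.

```c
/* Added illustration, not GEGL source. `test -f` stands in for the external
 * converter so the example runs without ImageMagick installed. */
#include <spawn.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/wait.h>

extern char **environ;

/* Constructed sample: a legal file name that happens to contain shell syntax. */
static const char *SAMPLE = "/tmp/gegl-demo-$HOME.png";

/* Creates the sample file under its literal name; returns 1 on success. */
int make_sample(void)
{
    FILE *f = fopen(SAMPLE, "w");
    if (!f)
        return 0;
    fclose(f);
    return 1;
}

/* Vulnerable pattern: the path is pasted into a string that /bin/sh parses,
 * so the shell expands $HOME and the helper is asked about a different file. */
int file_seen_via_system(const char *path)
{
    char cmd[4096];
    snprintf(cmd, sizeof cmd, "test -f %s", path);
    int st = system(cmd);
    return st != -1 && WIFEXITED(st) && WEXITSTATUS(st) == 0;
}

/* Hardened pattern: no shell is involved; the path is exactly one argv
 * element and reaches the helper byte for byte. */
int file_seen_via_spawn(const char *path)
{
    char *const argv[] = { "test", "-f", (char *)path, NULL };
    pid_t pid;
    int st;
    if (posix_spawnp(&pid, "test", NULL, NULL, argv, environ) != 0)
        return 0;
    if (waitpid(pid, &st, 0) < 0)
        return 0;
    return WIFEXITED(st) && WEXITSTATUS(st) == 0;
}
```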
Affected
11 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | gegl | < gegl 1:0.4.34-1 (bookworm) | gegl 1:0.4.34-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| gegl | gegl | < 0.4.34 | 0.4.34 |
| gegl | gegl | >= 0 < 1:0.4.26-2+deb11u1 | 1:0.4.26-2+deb11u1 |
| gegl | gegl | >= 0 < 1:0.4.34-1 | 1:0.4.34-1 |
| gegl | gegl | >= 0 < 1:0.4.34-1 | 1:0.4.34-1 |
| gegl | gegl | >= 0 < 1:0.4.34-1 | 1:0.4.34-1 |
| gimp | gimp | < 2.10.30 | 2.10.30 |
| redhat | enterprise_linux | — | — |
| redhat | enterprise_linux | — | — |
CVSS provenance
nvd · v3.1 · 7.8 HIGH · CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
osv · 7.8 HIGH
Ubuntu
GEGL vulnerability
vendor_ubuntu·2022-07-27
CVE-2021-45463 GEGL vulnerability
Title: GEGL vulnerability
Summary: GEGL could be made to run programs if it received specially crafted
input.
It was discovered that GEGL incorrectly filtered and escaped file path input
data when using the C system() function for execution of the ImageMagick convert
command. An attacker could possibly use this to execute arbitrary code.
Instructions: In general, a standard system update will make all the necessary changes.
Red Hat
gegl: shell expansion via a crafted pathname
vendor_redhat·2021-12-15·CVSS 7.8
CVE-2021-45463 [HIGH] CWE-20 gegl: shell expansion via a crafted pathname
gegl: shell expansion via a crafted pathname
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.
Due to the use of the system command in the Magick-Load op used by gegl, an attacker is able to craft a command line path that is able to lead to the execution of arbitrary shell commands that impacts availability, confidentiality and integrity.
Package: gegl (Red Hat Enterprise Linux 6) - Out of support scope
Package: gegl (Red Hat Enterprise Linu
Debian
CVE-2021-45463: gegl - load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a con...
vendor_debian·2021·CVSS 7.8
CVE-2021-45463 [HIGH] CVE-2021-45463: gegl - load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a con...
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.
Scope: local
bookworm: resolved (fixed in 1:0.4.34-1)
bullseye: resolved (fixed in 1:0.4.26-2+deb11u1)
forky: resolved (fixed in 1:0.4.34-1)
sid: resolved (fixed in 1:0.4.34-1)
trixie: resolved (fixed in 1:0.4.34-1)
GHSA
GHSA-g9gv-9646-jvp8: GEGL before 0
ghsa_unreviewed·2021-12-24
CVE-2021-45463 [HIGH] GHSA-g9gv-9646-jvp8: GEGL before 0
GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load.
OSV
CVE-2021-45463: load_cache in GEGL before 0
osv·2021-12-23·CVSS 7.8
CVE-2021-45463 [HIGH] CVE-2021-45463: load_cache in GEGL before 0
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.
References
https://gitlab.gnome.org/GNOME/gegl/-/blob/master/docs/NEWS.adoc
https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b
https://gitlab.gnome.org/GNOME/gegl/-/issues/298
https://gitlab.gnome.org/GNOME/gimp/-/commit/e8a31ba4f2ce7e6bc34882dc27c97fba993f5868
https://lists.debian.org/debian-lts-announce/2025/10/msg00021.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG635WJCNXHJM5U4BGMAAP4NK2YFTQXK/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP5NDNOTMPI335FXE7VUPW7FXYTT7PYN/
https://www.gimp.org/news/2021/12/21/gimp-2-10-30-released/