Debian Gegl vulnerabilities
9 known vulnerabilities affecting debian/gegl.
Total CVEs: 9
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 3, LOW 4, UNKNOWN 2
Vulnerabilities
CVE-2026-2050 | UNKNOWN | fixed in gegl 1:0.4.42-2+deb12u2 (bookworm) | 2026
CVE-2026-2050: gegl
bookworm: resolved (fixed in 1:0.4.42-2+deb12u2)
bullseye: resolved (fixed in 1:0.4.26-2+deb11u2)
forky: resolved (fixed in 1:0.4.66-1)
sid: resolved (fixed in 1:0.4.66-1)
trixie: resolved (fixed in 1:0.4.62-2+deb13u2)
debian
CVE-2026-2049 | UNKNOWN | fixed in gegl 1:0.4.42-2+deb12u2 (bookworm) | 2026
CVE-2026-2049: gegl
bookworm: resolved (fixed in 1:0.4.42-2+deb12u2)
bullseye: resolved (fixed in 1:0.4.26-2+deb11u2)
forky: resolved (fixed in 1:0.4.66-1)
sid: resolved (fixed in 1:0.4.66-1)
trixie: resolved (fixed in 1:0.4.62-2+deb13u2)
debian
CVE-2025-10921 | HIGH | CVSS 7.8 | fixed in gegl 1:0.4.42-2+deb12u1 (bookworm) | 2025
[HIGH] CVE-2025-10921: gegl - GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerabi...
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HD
debian
CVE-2021-45463 | HIGH | CVSS 7.8 | fixed in gegl 1:0.4.34-1 (bookworm) | 2021
[HIGH] CVE-2021-45463: gegl - load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a con...
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds
debian
CVE-2018-10112 | LOW | CVSS 8.8 | 2018
[HIGH] CVE-2018-10112: gegl - An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_const...
An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format
debian
CVE-2018-10114 | LOW | CVSS 8.8 | fixed in gegl 0.3.34-1 (bookworm) | 2018
[HIGH] CVE-2018-10114: gegl - An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_sim...
An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operati
debian
CVE-2018-10111 | LOW | CVSS 7.5 | 2018
[HIGH] CVE-2018-10111: gegl - An issue was discovered in GEGL through 0.3.32. The render_rectangle function in...
An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.
Scope: local
bookworm: open
bullseye: open
forky: open
sid: open
trixie: open
debian
CVE-2018-10113 | LOW | CVSS 7.5 | fixed in gegl 0.3.34-1 (bookworm) | 2018
[HIGH] CVE-2018-10113: gegl - An issue was discovered in GEGL through 0.3.32. The process function in operatio...
An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.
Scope: local
bookworm: resolved (fixed in 0.3.34-1)
bullseye: resolved (fixed in 0.3.34-1)
forky: resolved (fixed in 0.3.34-1)
sid: resolved (fixed in 0.3.34-1
debian
CVE-2012-4433 | HIGH | CVSS 7.5 | fixed in gegl 0.2.0-2+nmu1 (bookworm) | 2012
[HIGH] CVE-2012-4433: gegl - Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Gr...
Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map (ppm) image, which triggers a heap-based buffer overflow.
Scope: local
bookworm: resolved (fixed i
debian