Gegl vulnerabilities
7 known vulnerabilities affecting gegl/gegl.
Total CVEs: 7
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: HIGH 7
Vulnerabilities
CVE-2025-10921 | HIGH | CVSS 7.8 | ≥ 0, < 1:0.4.26-2+deb11u1; ≥ 0, < 1:0.4.42-2+deb12u1; +2 more | 2025-10-29
GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of HDR file
osv
CVE-2021-45463 | HIGH | CVSS 7.8 | fixed in 0.4.34 | 2021-12-23
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GI
nvd, osv
CVE-2018-10112 | HIGH | CVSS 8.8 | CWE-119 | ≤ 0.3.32 | 2018-04-16
An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel funct
nvd
CVE-2018-10111 | HIGH | CVSS 7.5 | CWE-119 | ≤ 0.3.32 | 2018-04-16
An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.
nvd
CVE-2018-10114 | HIGH | CVSS 8.8 | CWE-119 | ≤ 0.3.32 | 2018-04-16
An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header f
nvd, osv
CVE-2018-10113 | HIGH | CVSS 7.5 | ≥ 0, < 0.3.34-1 | 2018-04-16
An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure.
osv
CVE-2012-4433 | HIGH | CVSS 7.5 | CWE-189 | v0.2.0 | 2012-11-18
Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map (ppm) image, which triggers a heap-based buffer overflow.
nvd, osv