Vulnerabilities

CVE-2021-45463

by Fred · 23/12/2021

GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load.

Date published : 2021-12-23

https://gitlab.gnome.org/GNOME/gegl/-/blob/master/docs/NEWS.adoc

https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b

Similar

Tags: Cybersecurity Alert