Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2021-45463

Опубликовано: 23 дек. 2021
Источник: debian
EPSS Низкий

Описание

load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
geglfixed1:0.4.34-1package
geglno-dsabullseyepackage
geglno-dsabusterpackage
geglno-dsastretchpackage

Примечания

  • Fixed by: https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b (GEGL_0_4_34)

  • Followup: https://gitlab.gnome.org/GNOME/gegl/-/commit/2172cf7e8d7e8891ae2053d6eef213d5bef939cb (GEGL_0_4_34)

EPSS

Процентиль: 81%
0.01608
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2021-45463

CVSS3: 7.8
ubuntu
больше 3 лет назад

load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.

redhat логотип

CVE-2021-45463

CVSS3: 7.8
redhat
больше 3 лет назад

load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.

nvd логотип

CVE-2021-45463

CVSS3: 7.8
nvd
больше 3 лет назад

load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.

suse-cvrf логотип

openSUSE-SU-2021:4210-1

suse-cvrf
больше 3 лет назад

Security update for gegl

suse-cvrf логотип

openSUSE-SU-2021:4209-1

suse-cvrf
больше 3 лет назад

Security update for gegl

EPSS

Процентиль: 81%
0.01608
Низкий