CVE-2021-45463

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-45463
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-45463.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-45463
Published
2021-12-23T06:15:06Z
Modified
2024-12-04T07:55:34.703779Z
Severity
  • 7.8 (High) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Summary
[none]
Details

load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.

Affected packages

Debian:11 / gegl

Package

Name
gegl
Purl
pkg:deb/debian/gegl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected

Affected versions

1:0.*

1:0.4.26-2
1:0.4.28-1
1:0.4.28-2
1:0.4.28-3
1:0.4.30-1
1:0.4.32-1
1:0.4.32-2
1:0.4.34-1
1:0.4.36-1
1:0.4.36-2
1:0.4.36-3
1:0.4.36-3.1
1:0.4.38-1
1:0.4.40-1
1:0.4.40-2
1:0.4.42-1
1:0.4.42-2
1:0.4.44-1
1:0.4.44-2
1:0.4.44-3
1:0.4.46-1
1:0.4.46-3
1:0.4.46-4
1:0.4.46-4.1~exp1
1:0.4.48-1
1:0.4.48-1.1~exp1
1:0.4.48-2
1:0.4.48-2.1
1:0.4.48-2.2
1:0.4.48-2.4
1:0.4.48-2.5
1:0.4.50-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / gegl

Package

Name
gegl
Purl
pkg:deb/debian/gegl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1:0.4.34-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / gegl

Package

Name
gegl
Purl
pkg:deb/debian/gegl?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 Unknown introduced version / All previous versions are affected
Fixed
1:0.4.34-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/gnome/gimp

Affected ranges

Type
GIT
Repo
https://github.com/gnome/gimp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://gitlab.gnome.org/GNOME/gegl
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Type
GIT
Repo
https://gitlab.gnome.org/GNOME/gimp
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Other

BASE_ZERO
BEFORE_GIMAGE_IS_FLAT_REMOVAL
BEFORE_MATTS_CRAZY_TOOL_PATCH
BEFORE_TILE_MADNESS
FOR_PANEL
GEGL_0_0_14
GEGL_0_0_16
GEGL_0_0_4
GEGL_0_1_0_REAL
GEGL_0_1_2
GEGL_0_1_4
GEGL_0_1_6
GEGL_0_1_8
GEGL_0_2_0
GEGL_0_3_0
GEGL_0_3_10
GEGL_0_3_12
GEGL_0_3_14
GEGL_0_3_16
GEGL_0_3_18
GEGL_0_3_2
GEGL_0_3_20
GEGL_0_3_22
GEGL_0_3_24
GEGL_0_3_26
GEGL_0_3_28
GEGL_0_3_30
GEGL_0_3_34
GEGL_0_3_4
GEGL_0_3_6
GEGL_0_3_8
GEGL_0_4_0
GEGL_0_4_10
GEGL_0_4_12
GEGL_0_4_14
GEGL_0_4_16
GEGL_0_4_18
GEGL_0_4_2
GEGL_0_4_20
GEGL_0_4_24
GEGL_0_4_26
GEGL_0_4_28
GEGL_0_4_30
GEGL_0_4_32
GEGL_0_4_4
GEGL_0_4_6
GEGL_0_4_8
GEGL_20001120_v002
GEGL_BEFORE_CLEANUP
GIMP_0_99_16
GIMP_0_99_17
GIMP_0_99_18
GIMP_0_99_19
GIMP_0_99_20
GIMP_0_99_21
GIMP_0_99_22
GIMP_0_99_23
GIMP_0_99_24
GIMP_0_99_25
GIMP_0_99_27
GIMP_0_99_28
GIMP_0_99_29
GIMP_19990910
GIMP_1_0_0
GIMP_1_1_0
GIMP_1_1_1
GIMP_1_1_10
GIMP_1_1_11
GIMP_1_1_12
GIMP_1_1_13
GIMP_1_1_14
GIMP_1_1_15
GIMP_1_1_16
GIMP_1_1_17
GIMP_1_1_18
GIMP_1_1_19
GIMP_1_1_2
GIMP_1_1_20
GIMP_1_1_21
GIMP_1_1_22
GIMP_1_1_23
GIMP_1_1_24
GIMP_1_1_25
GIMP_1_1_26
GIMP_1_1_27
GIMP_1_1_28
GIMP_1_1_29
GIMP_1_1_3
GIMP_1_1_30
GIMP_1_1_31
GIMP_1_1_32
GIMP_1_1_4
GIMP_1_1_5
GIMP_1_1_6
GIMP_1_1_7
GIMP_1_1_8
GIMP_1_1_9
GIMP_1_2_0
GIMP_1_3_0
GIMP_1_3_1
GIMP_1_3_10
GIMP_1_3_11
GIMP_1_3_12
GIMP_1_3_13
GIMP_1_3_14
GIMP_1_3_15
GIMP_1_3_16
GIMP_1_3_17
GIMP_1_3_18
GIMP_1_3_19
GIMP_1_3_2
GIMP_1_3_20
GIMP_1_3_21
GIMP_1_3_22
GIMP_1_3_23
GIMP_1_3_24
GIMP_1_3_25
GIMP_1_3_26
GIMP_1_3_27
GIMP_1_3_3
GIMP_1_3_4
GIMP_1_3_5
GIMP_1_3_6
GIMP_1_3_7
GIMP_1_3_8
GIMP_1_3_9
GIMP_2_0_0
GIMP_2_0_1
GIMP_2_0_RC1
GIMP_2_10_0
GIMP_2_10_0_RC1
GIMP_2_10_0_RC2
GIMP_2_10_10
GIMP_2_10_12
GIMP_2_10_14
GIMP_2_10_16
GIMP_2_10_18
GIMP_2_10_2
GIMP_2_10_20
GIMP_2_10_22
GIMP_2_10_24
GIMP_2_10_26
GIMP_2_10_28
GIMP_2_10_4
GIMP_2_10_6
GIMP_2_10_8
GIMP_2_1_0
GIMP_2_1_1
GIMP_2_1_2
GIMP_2_1_3
GIMP_2_1_4
GIMP_2_1_5
GIMP_2_1_6
GIMP_2_1_7
GIMP_2_2_0
GIMP_2_2_1
GIMP_2_2_PRE1
GIMP_2_2_PRE2
GIMP_2_3_0
GIMP_2_3_1
GIMP_2_3_10
GIMP_2_3_11
GIMP_2_3_12
GIMP_2_3_13
GIMP_2_3_14
GIMP_2_3_16
GIMP_2_3_17
GIMP_2_3_18
GIMP_2_3_19
GIMP_2_3_2
GIMP_2_3_3
GIMP_2_3_4
GIMP_2_3_5
GIMP_2_3_6
GIMP_2_3_7
GIMP_2_3_8
GIMP_2_3_9
GIMP_2_4_0_RC1
GIMP_2_4_0_RC2
GIMP_2_4_0_RC3
GIMP_2_4_1
GIMP_2_5_0
GIMP_2_5_1
GIMP_2_5_2
GIMP_2_5_3
GIMP_2_5_4
GIMP_2_6_0
GIMP_2_6_1
GIMP_2_7_0
GIMP_2_7_1
GIMP_2_7_2
GIMP_2_7_3
GIMP_2_7_4
GIMP_2_7_5
GIMP_2_8_0
GIMP_2_8_0_RC1
GIMP_2_99_2
GIMP_2_99_4
GIMP_2_99_6
GIMP_2_99_8
GIMP_2_9_2
GIMP_2_9_4
GIMP_2_9_6
GIMP_2_9_8
GIMP_BEFORE_GTK_2_0
GNOME_2_4_BRANCHPOINT
GNOME_BASE
GNOME_PRINT_0_24
LIBRSVG_2_1_1
LIBRSVG_2_1_2
LIBRSVG_2_1_3
LIBRSVG_2_1_4
LIBRSVG_2_1_5
LIBRSVG_2_2_0
NEEDS_GIMP_2_3_10
PROJECT_SUNLIGHT_ANCHOR
ROSALIA_BEFORE_COMMITTING_DL_AND_GNOME_HELLO
SCRIPT_FU_BEFORE_TINYSCHEME
SCRIPT_FU_MERGE
SNAP_19971121
TINY_FU_0_9_3
TINY_FU_0_9_4
TINY_FU_0_9_5
TINY_FU_0_9_6
TINY_FU_0_9_7
TINY_FU_0_9_8
TINY_FU_1_0_0
TINY_FU_1_0_1
TINY_FU_1_0_RC1
TINY_FU_1_1_0
gimp
release-2-2-4
release-2-2-5
release-2-3-0
release-2-4-0
soc-2012-unified-transform-after-gsoc
soc-2012-unified-transform-before-gsoc