OESA-2022-1488
- Source
- https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1488
- Import Source
- https://repo.openeuler.org/security/data/osv/OESA-2022-1488.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/OESA-2022-1488
- Upstream
- Published
- 2022-01-14T11:03:27Z
- Modified
- 2025-08-12T05:10:51.594624Z
- Summary
- gimp security update
- Details
-
GIMP is a cross-platform image editor available for GNU/Linux, OS X, Windows and more operating systems. It is free software, you can change its source code and distribute your changes. Whether you are a graphic designer, photographer, illustrator, or scientist, GIMP provides you with sophisticated tools to get your job done. You can further enhance your productivity with GIMP thanks to many customization options and 3rd party plugins.
Security Fix(es):
GEGL before 0.4.34, as used (for example) in GIMP before 2.10.30, allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load.(CVE-2021-45463)
- Database specific
{ "severity": "High" }- References
Affected packages
openEuler:20.03-LTS-SP1 / gimp
Package
- Name
- gimp
- Purl
- pkg:rpm/openEuler/gimp&distro=openEuler-20.03-LTS-SP1
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.10.6-10.oe1
Ecosystem specific
{
"src": [
"gimp-2.10.6-10.oe1.src.rpm"
],
"x86_64": [
"gimp-2.10.6-10.oe1.x86_64.rpm",
"gimp-debugsource-2.10.6-10.oe1.x86_64.rpm",
"gimp-debuginfo-2.10.6-10.oe1.x86_64.rpm",
"gimp-libs-2.10.6-10.oe1.x86_64.rpm",
"gimp-devel-2.10.6-10.oe1.x86_64.rpm",
"gimp-help-2.10.6-10.oe1.x86_64.rpm"
],
"aarch64": [
"gimp-libs-2.10.6-10.oe1.aarch64.rpm",
"gimp-devel-2.10.6-10.oe1.aarch64.rpm",
"gimp-2.10.6-10.oe1.aarch64.rpm",
"gimp-debuginfo-2.10.6-10.oe1.aarch64.rpm",
"gimp-debugsource-2.10.6-10.oe1.aarch64.rpm",
"gimp-help-2.10.6-10.oe1.aarch64.rpm"
]
}
openEuler:20.03-LTS-SP2 / gimp
Package
- Name
- gimp
- Purl
- pkg:rpm/openEuler/gimp&distro=openEuler-20.03-LTS-SP2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.10.6-9.oe1
Ecosystem specific
{
"src": [
"gimp-2.10.6-9.oe1.src.rpm"
],
"x86_64": [
"gimp-devel-2.10.6-9.oe1.x86_64.rpm",
"gimp-debuginfo-2.10.6-9.oe1.x86_64.rpm",
"gimp-debugsource-2.10.6-9.oe1.x86_64.rpm",
"gimp-libs-2.10.6-9.oe1.x86_64.rpm",
"gimp-help-2.10.6-9.oe1.x86_64.rpm",
"gimp-2.10.6-9.oe1.x86_64.rpm"
],
"aarch64": [
"gimp-libs-2.10.6-9.oe1.aarch64.rpm",
"gimp-help-2.10.6-9.oe1.aarch64.rpm",
"gimp-devel-2.10.6-9.oe1.aarch64.rpm",
"gimp-debugsource-2.10.6-9.oe1.aarch64.rpm",
"gimp-2.10.6-9.oe1.aarch64.rpm",
"gimp-debuginfo-2.10.6-9.oe1.aarch64.rpm"
]
}
openEuler:20.03-LTS-SP3 / gimp
Package
- Name
- gimp
- Purl
- pkg:rpm/openEuler/gimp&distro=openEuler-20.03-LTS-SP3
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.10.6-9.oe1
Ecosystem specific
{
"src": [
"gimp-2.10.6-9.oe1.src.rpm"
],
"x86_64": [
"gimp-debuginfo-2.10.6-9.oe1.x86_64.rpm",
"gimp-2.10.6-9.oe1.x86_64.rpm",
"gimp-help-2.10.6-9.oe1.x86_64.rpm",
"gimp-devel-2.10.6-9.oe1.x86_64.rpm",
"gimp-debugsource-2.10.6-9.oe1.x86_64.rpm",
"gimp-libs-2.10.6-9.oe1.x86_64.rpm"
],
"aarch64": [
"gimp-devel-2.10.6-9.oe1.aarch64.rpm",
"gimp-libs-2.10.6-9.oe1.aarch64.rpm",
"gimp-debuginfo-2.10.6-9.oe1.aarch64.rpm",
"gimp-2.10.6-9.oe1.aarch64.rpm",
"gimp-debugsource-2.10.6-9.oe1.aarch64.rpm",
"gimp-help-2.10.6-9.oe1.aarch64.rpm"
]
}