load_cache in GEGL prior to 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. The cause is the use of the system() library function to execute the ImageMagick convert fallback in magick-load. NOTE: GEGL releases prior to 0.4.34 are used in GIMP releases prior to 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.
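The safer pattern for a converter fallback like the one described above, as an added example that is not GEGL's code or its actual fix: the child is started from an argument vector, so no shell ever parses the pathname. `run_argv`, `path_survives` and the command string in the comment are constructed for illustration, and `printf` stands in for `convert` so the block runs without ImageMagick.

```c
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

/* Vulnerable pattern (illustrative, shown for contrast, never executed here):
 *     snprintf(cmd, sizeof cmd, "convert \"%s\" \"%s\"", src, dst);
 *     system(cmd);
 * system() hands the string to /bin/sh, which re-parses the pathname, so
 * quotes, $, backticks and ; inside the name are interpreted by the shell. */

/* Hardened pattern: exec argv[0] directly, with no shell in between. Each
 * argv element reaches the child as exactly one argument, byte for byte.
 * The child's stdout is captured into out (NUL-terminated).
 * Returns the child's exit status, or -1 on error or abnormal exit. */
int run_argv(char *const argv[], char *out, size_t outsz)
{
    int fds[2];
    if (outsz == 0 || pipe(fds) != 0)
        return -1;
    pid_t pid = fork();
    if (pid < 0) { close(fds[0]); close(fds[1]); return -1; }
    if (pid == 0) {                      /* child */
        dup2(fds[1], STDOUT_FILENO);
        close(fds[0]); close(fds[1]);
        execvp(argv[0], argv);
        _exit(127);                      /* exec failed */
    }
    close(fds[1]);                       /* parent reads until EOF or full */
    size_t n = 0; ssize_t r;
    while (n < outsz - 1 && (r = read(fds[0], out + n, outsz - 1 - n)) > 0)
        n += (size_t)r;
    out[n] = '\0';
    close(fds[0]);
    int st;
    if (waitpid(pid, &st, 0) < 0 || !WIFEXITED(st))
        return -1;
    return WEXITSTATUS(st);
}

/* Assumption for the demo: "printf %s <path>" echoes the one argument it was
 * given. Returns 1 if the pathname arrived in the child unchanged. */
int path_survives(const char *path)
{
    char out[256];
    char *argv[] = { "printf", "%s", (char *)path, NULL };
    return run_argv(argv, out, sizeof out) == 0 && strcmp(out, path) == 0;
}
```

Removing the shell does not stop the child program from treating a pathname that begins with `-` as an option, so callers usually also normalise such names (for example to `./-name`) before passing them on.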
Vulnerable Product |
---|
gegl gegl |
gimp gimp |
redhat enterprise linux 7.0 |
redhat enterprise linux 8.0 |
fedoraproject fedora 34 |
fedoraproject fedora 35 |