Home

CVE-2021-45463

Description

load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.

Risk Information

Base Score
7.8
MODERATE
Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.975

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2022:0162) gegl security update gegl-0.2.0-19.el7_9.1.i686.rpmLinux
(RHSA-2022:0162) gegl security update gegl-0.2.0-19.el7_9.1.x86_64.rpmLinux
(RHSA-2022:0162) gegl security update gegl-devel-0.2.0-19.el7_9.1.i686.rpmLinux
(RHSA-2022:0162) gegl security update gegl-devel-0.2.0-19.el7_9.1.x86_64.rpmLinux
(RHSA-2022:0177) gegl04 security update gegl04-0.4.4-6.el8_5.2.i686.rpmLinux
(RHSA-2022:0177) gegl04 security update gegl04-0.4.4-6.el8_5.2.x86_64.rpmLinux
(RHSA-2022:0177) gegl04 security update gegl04-debugsource-0.4.4-6.el8_5.2.i686.rpmLinux
(RHSA-2022:0177) gegl04 security update gegl04-debugsource-0.4.4-6.el8_5.2.x86_64.rpmLinux
Gegl update (ELSA-2022-0162) gegl-0.2.0-19.el7_9.1.i686.rpmLinux
Gegl update (ELSA-2022-0162) gegl-0.2.0-19.el7_9.1.x86_64.rpmLinux
Gegl-devel update (ELSA-2022-0162) gegl-devel-0.2.0-19.el7_9.1.i686.rpmLinux
Gegl-devel update (ELSA-2022-0162) gegl-devel-0.2.0-19.el7_9.1.x86_64.rpmLinux
Gegl04 update (ELSA-2022-0177) gegl04-0.4.4-6.el8_5.2.i686.rpmLinux
Gegl04 update (ELSA-2022-0177) gegl04-0.4.4-6.el8_5.2.x86_64.rpmLinux
Gegl04-devel update (ELSA-2022-0177) gegl04-devel-0.4.4-6.el8_5.2.i686.rpmLinux
Gegl04-devel update (ELSA-2022-0177) gegl04-devel-0.4.4-6.el8_5.2.x86_64.rpmLinux
(RHSA-2022:0162)Important: security update gegl-debuginfo-0.2.0-19.el7_9.1.i686.rpmLinux
(RHSA-2022:0162)Important: security update gegl-debuginfo-0.2.0-19.el7_9.1.x86_64.rpmLinux
(RHSA-2022:0177)Important: security update gegl04-debuginfo-0.4.4-6.el8_5.2.i686.rpmLinux
(RHSA-2022:0177)Important: security update gegl04-debuginfo-0.4.4-6.el8_5.2.x86_64.rpmLinux
(RHSA-2022:0177)Important: security update gegl04-tools-debuginfo-0.4.4-6.el8_5.2.i686.rpmLinux
(RHSA-2022:0177)Important: security update gegl04-tools-debuginfo-0.4.4-6.el8_5.2.x86_64.rpmLinux
gegl Security Update (ALAS-2022-1755) gegl-0.2.0-19.amzn2.1.i686.rpmLinux
gegl Security Update (ALAS-2022-1755) gegl-0.2.0-19.amzn2.1.x86_64.rpmLinux
gegl Security Update (ALAS-2022-1755) gegl-devel-0.2.0-19.amzn2.1.x86_64.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234