Descriptionload_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)
Debian Bugs1002661

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gegl (PTS)buster0.4.12-2vulnerable
bookworm, sid1:0.4.40-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs


[bullseye] - gegl <no-dsa> (Minor issue)
[buster] - gegl <no-dsa> (Minor issue)
[stretch] - gegl <no-dsa> (Minor issue; can be fixed later)
Fixed by: (GEGL_0_4_34)
Followup: (GEGL_0_4_34)

Search for package or bug name: Reporting problems