CVE-2021-45463

Published: Dec 23, 2021Modified: Nov 3, 2025

7.8

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability: 1.8 / Impact: 5.9

Source: NVD

Description

load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.

Affected (6)

Products: Gegl: Gegl · Gimp: Gimp · Redhat: Enterprise Linux · +1 more

Show all products

Gegl: Gegl · Gimp: Gimp · Redhat: Enterprise Linux · Fedoraproject: Fedora

1 product

1 product

1 product

Enterprise Linux

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gegl Gegl	Before 0.4.34

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Gimp Gimp	Before 2.10.30

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Redhat Enterprise Linux	Version 7.0
Redhat Enterprise Linux	Version 8.0

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 34
Fedoraproject Fedora	Version 35

References (15)

https://gitlab.gnome.org/GNOME/gegl/-/blob/master/docs/NEWS.adoc

Source: cve@mitre.org

Release NotesThird Party Advisory

https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b

Source: cve@mitre.org

PatchThird Party Advisory

https://gitlab.gnome.org/GNOME/gegl/-/issues/298

Source: cve@mitre.org

Vendor Advisory

https://gitlab.gnome.org/GNOME/gimp/-/commit/e8a31ba4f2ce7e6bc34882dc27c97fba993f5868

Source: cve@mitre.org

PatchThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG635WJCNXHJM5U4BGMAAP4NK2YFTQXK/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP5NDNOTMPI335FXE7VUPW7FXYTT7PYN/

Source: cve@mitre.org

https://www.gimp.org/news/2021/12/21/gimp-2-10-30-released/

Source: cve@mitre.org

Release NotesVendor Advisory

https://gitlab.gnome.org/GNOME/gegl/-/blob/master/docs/NEWS.adoc

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

https://gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://gitlab.gnome.org/GNOME/gegl/-/issues/298

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://gitlab.gnome.org/GNOME/gimp/-/commit/e8a31ba4f2ce7e6bc34882dc27c97fba993f5868

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://lists.debian.org/debian-lts-announce/2025/10/msg00021.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG635WJCNXHJM5U4BGMAAP4NK2YFTQXK/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP5NDNOTMPI335FXE7VUPW7FXYTT7PYN/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.gimp.org/news/2021/12/21/gimp-2-10-30-released/

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.