Critical severityGHSA Advisory· Published Sep 1, 2020· Updated Sep 23, 2021
Command Injection in gm
CVE-2015-7982
Description
Versions of gm prior to 1.21.1 are affected by a command injection vulnerability. The vulnerability is triggered when user input is passed into gm.compare(), which fails to sanitize input correctly before calling the graphics magic binary.
Recommendation
Update to version 1.21.1 or later.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
gmnpm | < 1.21.1 | 1.21.1 |
Affected products
2Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.