VYPR
Critical severityGHSA Advisory· Published Sep 1, 2020· Updated Sep 23, 2021

Command Injection in gm

CVE-2015-7982

Description

Versions of gm prior to 1.21.1 are affected by a command injection vulnerability. The vulnerability is triggered when user input is passed into gm.compare(), which fails to sanitize input correctly before calling the graphics magic binary.

Recommendation

Update to version 1.21.1 or later.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
gmnpm
< 1.21.11.21.1

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.