Critical severityNVD Advisory· Published Sep 1, 2020· Updated Sep 23, 2021

Command Injection in gm

CVE-2015-7982

Description

Versions of gm prior to 1.21.1 are affected by a command injection vulnerability. The vulnerability is triggered when user input is passed into gm.compare(), which fails to sanitize input correctly before calling the graphics magic binary.

Recommendation

Update to version 1.21.1 or later.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
gmnpm	< 1.21.1	1.21.1

Patches

5f5c77490aa8

https://github.com/aheckmann/gmvia ghsa

commit

Vulnerability mechanics

Generated by null/stub on May 9, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.

References

github.com/advisories/GHSA-pjh3-jv7w-9jprghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2015-7982ghsaADVISORY
github.com/aheckmann/gm/commit/5f5c77490aa84ed313405c88905eb4566135be31ghsaWEB
www.npmjs.com/advisories/54ghsaWEB

News mentions

No linked articles in our index yet.

cvss	0.585
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000