Unrated severity · NVD Advisory · Published Dec 23, 2021 · Updated Nov 3, 2025
CVE-2021-45463
Description
load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature.
Affected products
- GEGL/GEGL (description)
- osv-coords, 8 versions:
  - pkg:rpm/almalinux/gegl04 (no CPE), range: < 0.4.4-6.el8_5.2
  - pkg:rpm/almalinux/gegl04-devel (no CPE), range: < 0.4.4-6.el8_5.2
  - pkg:rpm/opensuse/gegl&distro=openSUSE%20Leap%2015.3 (no CPE), range: < 0.4.16-3.3.1
  - pkg:rpm/suse/gegl&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Package%20Hub%2015%20SP3 (no CPE), range: < 0.4.16-3.3.1
  - pkg:rpm/suse/gegl&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5 (no CPE), range: < 0.2.0-15.6.1
  - pkg:rpm/suse/gegl&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2012%20SP5 (no CPE), range: < 0.2.0-15.6.1
  - pkg:rpm/suse/gegl&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP2 (no CPE), range: < 0.4.16-3.3.1
  - pkg:rpm/suse/gegl&distro=SUSE%20Linux%20Enterprise%20Workstation%20Extension%2015%20SP3 (no CPE), range: < 0.4.16-3.3.1
References
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/CG635WJCNXHJM5U4BGMAAP4NK2YFTQXK/ (mitre, vendor-advisory, x_refsource_FEDORA)
- lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZP5NDNOTMPI335FXE7VUPW7FXYTT7PYN/ (mitre, vendor-advisory, x_refsource_FEDORA)
- gitlab.gnome.org/GNOME/gegl/-/blob/master/docs/NEWS.adoc (mitre, x_refsource_MISC)
- gitlab.gnome.org/GNOME/gegl/-/commit/bfce470f0f2f37968862129d5038b35429f2909b (mitre, x_refsource_MISC)
- gitlab.gnome.org/GNOME/gegl/-/issues/298 (mitre, x_refsource_CONFIRM)
- gitlab.gnome.org/GNOME/gimp/-/commit/e8a31ba4f2ce7e6bc34882dc27c97fba993f5868 (mitre, x_refsource_MISC)
- www.gimp.org/news/2021/12/21/gimp-2-10-30-released/ (mitre, x_refsource_MISC)