20 matches found
Astra Linux – Vulnerability in Gegl
The loadcache function in GEGL before version 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This issue arises due to the use of the system library function for executing the ImageMagick convert fallback in magick-load. NOTE: GEGL versions...
Debian: Security Advisory (DLA-4487-1)
The remote host is missing an update for the Debian...
Linux Distros Unpatched Vulnerability : CVE-2026-2050
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Ubuntu Linux - ZDI-CAN-28266: New Vulnerability Report at rgbe.c CVE-2026-2050 Note that Nessus relies on the presence of the package as reported by the vendor...
MiracleLinux 8 : exiv2-0.27.2-5.el8, gegl-0.2.0-39.el8, gnome-color-manager-3.28.0-3.el8, libgexiv2-0.10.8-4.el8 (AXSA:2020-556:01)
The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-556:01 advisory. exiv2: infinite loop and hang in Jp2Image::readMetadata in jp2image.cpp could lead to DoS (CVE-2019-20421) exiv2: null pointer dereference in the...
MiracleLinux 4 : gegl-0.1.2-4.AXS4 (AXSA:2012-1027:01)
The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2012-1027:01 advisory. GEGL (Generic Graphics Library) is a graph based image processing framework. GEGL's original design was made to scratch GIMP's itches for a new compositing and...
SUSE SLED15 / SLES15 Security Update : gegl (SUSE-SU-2025:4333-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4333-1 advisory. - CVE-2025-10921: Fixed HDR file parsing heap-based buffer overflow that can lead to remote code execution. (bsc#1250496)...
Amazon Linux 2 : gegl, --advisory ALAS2-2025-3030 (ALAS-2025-3030)
The version of gegl installed on the remote host is prior to 0.2.0-19. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-3030 advisory. GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability CVE-2025-10921 Tenable has extracted the precedi...
EUVD-2018-2191
Malware in sbrugna...
EUVD-2021-32229
Malicious code in bioql PyPI...
Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM : GEGL vulnerability (USN-5251-1)
The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5251-1 advisory. It was discovered that GEGL incorrectly filtered and escaped file path input data when using the C system function for execution of the...
SUSE CVE-2021-45463
loadcache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIM...
USN-5251-1: GEGL vulnerability
It was discovered that GEGL incorrectly filtered and escaped file path input data when using the C system function for execution of the ImageMagick convert command. An attacker could possibly use this to execute arbitrary code...
AlmaLinux 8 : gegl04 (ALSA-2022:0177)
The remote AlmaLinux 8 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2022:0177 advisory. - loadcache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the...
gegl: shell expansion via a crafted pathname
Due to the use of the system command in the Magick-Load op used by gegl an attacker is able to craft a command line path that is able to lead to the execution of arbitrary shell commands that impacts availability, confidentiality and integrity...
DEBIAN-CVE-2021-45463
loadcache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIM...
UBUNTU-CVE-2021-45463
loadcache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIM...
CVE-2018-10114
An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions ...
CVE-2018-10112
An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a...
GEGL Denial of Service Vulnerability (CNVD-2018-08259)
GEGL is a data stream based image processing framework. The framework provides floating point processing and lossless image processing for projects such as the GNU Image Manipulation Program. A security vulnerability exists in GEGL 0.3.32 and earlier versions, which stems from the failure of the...
CVE-2018-10114
An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions ...