CVSS: 7.8EPSS: 1%CPEs: 6EXPL: 0CVE-2021-45463 – gegl: shell expansion via a crafted pathname
https://notcve.org/view.php?id=CVE-2021-45463
23 Dec 2021 — load_cache in GEGL before 0.4.34 allows shell expansion when a pathname in a constructed command line is not escaped or filtered. This is caused by use of the system library function for execution of the ImageMagick convert fallback in magick-load. NOTE: GEGL releases before 0.4.34 are used in GIMP releases before 2.10.30; however, this does not imply that GIMP builds enable the vulnerable feature. load_cache en GEGL antes de la versión 0.4.34 permite la expansión del shell cuando un nombre de ruta en una l... • https://gitlab.gnome.org/GNOME/gegl/-/blob/master/docs/NEWS.adoc • CWE-20: Improper Input Validation •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10111
https://notcve.org/view.php?id=CVE-2018-10111
14 Apr 2018 — An issue was discovered in GEGL through 0.3.32. The render_rectangle function in process/gegl-processor.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure. Se ha descubierto un problema en GEGL hasta su versión 0.3.32. La función render_rectangle en process/gegl-processor.c tiene una asignación de memoria no limitada, lo que conduce a una denegación de servicio (cierre inesperado de la aplicación) tras un fallo de asignación. • https://github.com/xiaoqx/pocs/tree/master/gegl • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10112
https://notcve.org/view.php?id=CVE-2018-10112
14 Apr 2018 — An issue was discovered in GEGL through 0.3.32. The gegl_tile_backend_swap_constructed function in buffer/gegl-tile-backend-swap.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PNG file that is mishandled during a call to the babl_format_get_bytes_per_pixel function in babl-format.c in babl 0.1.46. Se ha descubierto un problema en GEGL hasta su versión 0.3.32. La función gegl_tile_backend_swap_constructed en buffer/geg... • https://bugzilla.gnome.org/show_bug.cgi?id=795249 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2018-10113
https://notcve.org/view.php?id=CVE-2018-10113
14 Apr 2018 — An issue was discovered in GEGL through 0.3.32. The process function in operations/external/ppm-load.c has unbounded memory allocation, leading to a denial of service (application crash) upon allocation failure. Se ha descubierto un problema en GEGL hasta su versión 0.3.32. La función process en operations/external/ppm-load.c tiene una asignación de memoria no limitada, lo que conduce a una denegación de servicio (cierre inesperado de la aplicación) tras un fallo de asignación. • https://github.com/xiaoqx/pocs/tree/master/gegl • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 8.8EPSS: 0%CPEs: 1EXPL: 2CVE-2018-10114
https://notcve.org/view.php?id=CVE-2018-10114
14 Apr 2018 — An issue was discovered in GEGL through 0.3.32. The gegl_buffer_iterate_read_simple function in buffer/gegl-buffer-access.c allows remote attackers to cause a denial of service (write access violation) or possibly have unspecified other impact via a malformed PPM file, related to improper restrictions on memory allocation in the ppm_load_read_header function in operations/external/ppm-load.c. Se ha descubierto un problema en GEGL hasta su versión 0.3.32. La función gegl_buffer_iterate_read_simple en buffer/... • https://bugzilla.gnome.org/show_bug.cgi?id=795248 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 18%CPEs: 1EXPL: 0CVE-2012-4433 – gegl: Integer overflow, leading to heap-based buffer overflow by parsing PPM image headers
https://notcve.org/view.php?id=CVE-2012-4433
18 Nov 2012 — Multiple integer overflows in operations/external/ppm-load.c in GEGL (Generic Graphics Library) 0.2.0 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a large (1) width or (2) height value in a Portable Pixel Map (ppm) image, which triggers a heap-based buffer overflow. Múltiples desbordamientos de enteros en operations/external/ppm-load.c en GEGL (Generic Graphics Library) v0.2.0 permiten a atacantes remotos provocar una denegación de servicio (... • http://git.gnome.org/browse/gegl/commit/?id=1e92e5235ded0415d555aa86066b8e4041ee5a53 • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •