[SECURITY] [DLA 4341-1] gegl security update

To: debian-lts-announce@lists.debian.org
Subject: [SECURITY] [DLA 4341-1] gegl security update
From: Sylvain Beucler <beuc@beuc.net>
Date: Wed, 22 Oct 2025 18:59:39 +0200
Message-id: <[🔎] aPkNeyfa0qWuWNVz@mail.beuc.net>
Mail-followup-to: debian-lts@lists.debian.org
Reply-to: debian-lts@lists.debian.org

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian LTS Advisory DLA-4341-1                debian-lts@lists.debian.org
https://www.debian.org/lts/security/                      Sylvain Beucler
October 22, 2025                              https://wiki.debian.org/LTS
- -------------------------------------------------------------------------

Package        : gegl
Version        : 1:0.4.26-2+deb11u1
CVE ID         : CVE-2021-45463 CVE-2025-10921
Debian Bug     : 1002661 1116470

Multiple vulnerabilities were discovered in GEGL, a graph-based image
processing library, which could result in denial of service or the
execution of arbitrary code if malformed files or filenames are
processed.

CVE-2021-45463

    load_cache allows shell expansion when a pathname in a constructed
    command line is not escaped or filtered. This is caused by use of
    the system library function for execution of the ImageMagick
    convert fallback in magick-load.

CVE-2025-10921

    GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code
    Execution Vulnerability.

For Debian 11 bullseye, these problems have been fixed in version
1:0.4.26-2+deb11u1.

We recommend that you upgrade your gegl packages.

For the detailed security status of gegl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gegl

Further information about Debian LTS security advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://wiki.debian.org/LTS
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEE1vEOfV7HXWKqBieIDTl9HeUlXjAFAmj5DOoACgkQDTl9HeUl
XjBl+RAAxU9AqqD0ldcRpocX+SLKUuJr2XOCFw9dydXJ1O6hP6OtHd8DbHdzAf3z
09Pe/PibmoSawmpuFr2v+m2m1ilmyUSxdFzcsCWfMPwjepSNWDAQeLxGD2h4g36L
1b9SwWR6XfLXfl0VPHQTt9tjOx9Aw7oHoFDtOB49ua2wFD0yisXuJG5ONR7/vLGr
soBf9aZ1kZqKFHQCRp8UApmKkwOAiUxwd43Nv5nzsxfAQsrzuTj5Z6hRCHnhCDBV
Y9mJTEzTHZoyigCH/OhkgMIaNnMqB6AVMIK2/bBWeORSWO812tg/RlQorCgn5anJ
itape+OPCNSvxjJG9+JgS3AgUFAsNtDwIYeP+vhHVaWzip/IpugWSU3QiD9rsvcG
nuAZb84teR1zU8bm87JtDMcnCIN7RDIAw6EvQDa+M5y6DBx48qvDADD/vgZeEDLF
lAPhrOqS3/3f7H8lJrQBHp2smvwG2ipQuvDTtyZcgXwA6cZ4jGEA9pXMiVCkXkhc
iIhV3iR5nMcdU46TiWipiUjmzEsX7zHrmETUjjRbLDioRkCuNFNYNH6xln2tzVgr
3hQNzQQj2K6DlmFoW4911D/nDdgZsZYioNDQZX6x/sY7lyEYch9k3XZsun+9+UX3
vdORHhamb3dfeVGF7C/XiCtU728bHGOLsNP82XU2SUHv4Bbli5Y=
=5moU
-----END PGP SIGNATURE-----

Reply to:

Prev by Date: [SECURITY] [DLA 4340-1] libphp-adodb security update
Next by Date: [SECURITY] [DLA 4342-1] gimp security update
Previous by thread: [SECURITY] [DLA 4340-1] libphp-adodb security update
Next by thread: [SECURITY] [DLA 4342-1] gimp security update
Index(es):
- Date
- Thread