[SECURITY] [DSA 6018-1] gegl security update



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

- -------------------------------------------------------------------------
Debian Security Advisory DSA-6018-1                   security@debian.org
https://www.debian.org/security/                       Moritz Muehlenhoff
October 03, 2025                      https://www.debian.org/security/faq
- -------------------------------------------------------------------------

Package        : gegl
CVE ID         : CVE-2025-10921

A buffer overflow was discovered in the RGBE/HDR parser of GEGL, a
graph-based image processing library, which could result in denial of
service or the execution of arbitrary code if malformed files are
processed.

For the oldstable distribution (bookworm), this problem has been fixed
in version 1:0.4.42-2+deb12u1.

For the stable distribution (trixie), this problem has been fixed in
version 1:0.4.62-2+deb13u1.

We recommend that you upgrade your gegl packages.

For the detailed security status of gegl please refer to
its security tracker page at:
https://security-tracker.debian.org/tracker/gegl

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org
-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----
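
To confirm a host actually carries the fixed versions named in the advisory above, the following check compares every installed binary package built from the gegl source package against the per-release fixed version. It is an added example, not part of the advisory or of Debian's tooling; the function names, the `--host` switch and the sample inventory are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not part of DSA-6018-1). Fixed versions are copied from the advisory.

# Print the fixed gegl version for a release codename; fail for other releases.
fixed_version() {
    case "$1" in
        bookworm) echo '1:0.4.42-2+deb12u1' ;;
        trixie)   echo '1:0.4.62-2+deb13u1' ;;
        *)        return 1 ;;
    esac
}

# classify CODENAME VERSION -> fixed | vulnerable | unknown-release
classify() {
    fixed=$(fixed_version "$1") || { echo unknown-release; return 0; }
    # dpkg applies Debian ordering (epoch, upstream, revision); string compare would not.
    if dpkg --compare-versions "$2" ge "$fixed"; then echo fixed; else echo vulnerable; fi
}

# audit CODENAME: read "status source version binary" lines on stdin, report every
# installed binary built from source package gegl; return 1 if any is not fixed.
audit() {
    rc=0
    while read -r st src ver bin; do
        [ "$st" = ii ] && [ "$src" = gegl ] || continue
        state=$(classify "$1" "$ver")
        printf '%s %s %s\n' "$bin" "$ver" "$state"
        [ "$state" = fixed ] || rc=1
    done
    return "$rc"
}

# Constructed inventory for a dry run (versions and package set are illustrative).
sample_inventory() {
    cat <<'EOF'
ii  gegl 1:0.4.42-2 libgegl-0.4-0
ii  gegl 1:0.4.42-2 libgegl-common
rc  gegl 1:0.4.30-1 gegl
ii  babl 1:0.1.98-1 libbabl-0.1-0
EOF
}

# Real host: feed the dpkg database to audit using the codename from os-release.
audit_host() {
    . /etc/os-release
    dpkg-query -W -f='${db:Status-Abbrev} ${source:Package} ${Version} ${Package}\n' |
        audit "$VERSION_CODENAME"
}

if [ "${1:-}" = "--host" ]; then audit_host; fi
```

Run with `--host` on a Debian system; a non-zero exit status means at least one installed gegl binary is below the fixed version or the release is not one the advisory lists.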

