Command Injection in gm.compare function
gm is vulnerable to command injection when user input is passed into the arguments of the gm.compare function. The compare() function fails to sanitize meta characters correctly before calling the graphics magic binary.