CVE-2015-7982: Command Injection in gm.compare function
gm is vulnerable to command injection when user input is passed into the arguments of the gm.compare function. The compare() function fails to sanitize shell metacharacters correctly before calling the GraphicsMagick binary.
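The following added example (not code from gm or from this advisory) illustrates the class of bug described above: arguments joined into a shell string versus passed as a separate argv array. It assumes a POSIX shell; the function names are hypothetical, the input is constructed, and Node itself stands in for the external binary by printing the arguments it receives.

```javascript
const { execSync, execFileSync } = require('child_process');

// Stand-in for the external image binary: prints the argv it received as JSON.
const PRINT_ARGV = 'console.log(JSON.stringify(process.argv.slice(1)))';

// Pattern behind this class of bug: arguments are joined into one string and
// handed to a shell, so metacharacters in a file name become shell syntax.
function compareViaShell(fileA, fileB) {
  const cmd = `"${process.execPath}" -e '${PRINT_ARGV}' compare ${fileA} ${fileB}`;
  return execSync(cmd, { encoding: 'utf8' }).trim().split('\n');
}

// Hardened pattern: no shell is involved; each value is exactly one argv entry.
function compareViaArgv(fileA, fileB) {
  const out = execFileSync(
    process.execPath,
    ['-e', PRINT_ARGV, 'compare', fileA, fileB],
    { encoding: 'utf8' }
  );
  return JSON.parse(out);
}

// Defence in depth: allowlist for caller-supplied file names (assumed policy).
function isPlainFileName(name) {
  return /^[A-Za-z0-9_][A-Za-z0-9_.-]*$/.test(name);
}

// Constructed input: a "file name" that carries a shell metacharacter.
const untrusted = 'b.png; echo INJECTED';

// The shell splits the input at ';' and runs the trailing text as a command.
console.log('shell string :', compareViaShell('a.png', untrusted));
// The argv form delivers the whole value to the binary as one literal argument.
console.log('argv array   :', compareViaArgv('a.png', untrusted));
console.log('allowlisted? :', isPlainFileName(untrusted));
```

In the shell-string form the second output line comes from a command the caller never intended to run; in the argv form the same bytes reach the binary as a single file name that simply fails to exist.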