ELA-1650-1 gegl security update

heap-based buffer overflow

2026-02-21
Package: gegl
Version: 0.3.8-4+deb9u2 (stretch), 0.4.12-2+deb10u2 (buster)
Related CVEs: CVE-2026-2049, CVE-2026-2050

A heap-based buffer overflow was discovered in the RGBE/HDR parser of GEGL, a graph-based image processing library, which could result in denial of service or the execution of arbitrary code if malformed files are processed.
For Debian 10 buster, these problems have been fixed in version 0.4.12-2+deb10u2.

For Debian 9 stretch, these problems have been fixed in version 0.3.8-4+deb9u2.

We recommend that you upgrade your gegl packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.