Home > Vulnerability Database > CVE-2015-7982

Mend.io Vulnerability Database

CVE-2015-7982

Good to know:

Date: August 19, 2025

gm version 1.20.0 and below are vulnerable to command injection when user input is passed into the arguments of the gm.comparefunction. The compare() function fails to sanitize meta characters correctly before calling the graphics magic binary.

Language: JS

Severity Score

6.5

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2015-7982

Url: https://github.com/aheckmann/gm/commit/5f5c77490aa84ed313405c88905eb4566135be31

Url: https://www.npmjs.com/advisories/54

Url: https://github.com/aheckmann/gm

Url: https://www.mend.io/vulnerability-database/CVE-2015-7982

Severity Score

6.5

Weakness Type (CWE)

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-77

Top Fix

Upgrade Version

Upgrade to version gm - 1.21.1

Learn More

CVSS v3.1

Base Score:	6.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2015-7982

Good to know:

Date: August 19, 2025

Language: JS

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?