openSUSE:Backports:SLE-15-SP5:Update
jhead.18188
jhead-CVE-2022-41751-1.patch
File jhead-CVE-2022-41751-1.patch of Package jhead.18188
Index: jhead-3.06.0.1/jhead.c =================================================================== --- jhead-3.06.0.1.orig/jhead.c +++ jhead-3.06.0.1/jhead.c @@ -782,7 +782,15 @@ static int RegenerateThumbnail(const cha return FALSE; } - sprintf(ThumbnailGenCommand, "mogrify -thumbnail %dx%d -quality 80 \"%s\"", + // Disallow characters in the filename that could be used to execute arbitrary + // shell commands with system() below. + if(strpbrk(FileName, "\";'&|`")) { + ErrNonfatal("Filename has invalid characters.", 0, 0); + return FALSE; + } + + snprintf(ThumbnailGenCommand, sizeof(ThumbnailGenCommand), + "mogrify -thumbnail %dx%d -quality 80 \"%s\"", RegenThumbnail, RegenThumbnail, FileName); if (system(ThumbnailGenCommand) == 0){
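Review bot: the strpbrk() denylist in the added check omits $ and backslash, both of which the shell still interprets inside the double quotes that wrap %s in the mogrify command string, so the filename can still change what system() runs. Rather than growing the character list, consider an allowlist of permitted filename characters or, better, replacing system() with fork() and execvp() on an argument vector so that no shell parses the name at all. The new snprintf() call also ignores its return value: when the result is >= sizeof(ThumbnailGenCommand) the command is truncated, possibly losing the closing quote, and that case should return FALSE before system() is reached.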