I'd also like to point out that from a simple glance at jhead.c there are plenty of other security issues present, including unsafe temp file creation, other routines calling DoCommand, more unchecked buffers, shell escapes, unsafe buffer sized strcat's in ModifyDescriptComment, and so on. This whole codebase needs a review/rewrite.
-- jhead static string for -cmd too small https://bugs.launchpad.net/bugs/271020 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
