fedora 24
shell weakness #15

4

Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

GREYCstoration-2.8/src/CImg.h

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 shell weakness.

         cimg::fclose(cimg::fopen(filename,"r"));
        throw CImgIOException("CImg<%s>::load_imagemagick() : Failed to open image '%s'.\n\n"
                              "Path of 'ImageMagick's convert' : \"%s\"\n"
                              "Path of temporary filename : \"%s\"",
                              pixel_type(),filename,cimg::imagemagick_path(),filetmp);
      } else cimg::fclose(file);
      load_pnm(filetmp);
      std::remove(filetmp);
      return *this;
    }

    //! Load an image using GraphicsMagick's convert.
    static CImg<T> get_load_graphicsmagick(const char *const filename) {
      return CImg<T>().load_graphicsmagick(filename);
    }

    CImg<T>& load_graphicsmagick(const char *const filename) {
      char command[1024], filetmp[512];
      std::FILE *file = 0;
      do {
        std::sprintf(filetmp,"%s%s%s.ppm",cimg::temporary_path(),cimg_OS==2?"\\":"/",cimg::filenamerand());
        if ((file=std::fopen(filetmp,"rb"))!=0) std::fclose(file);
      } while (file);
      std::sprintf(command,"%s convert \"%s\" %s",cimg::graphicsmagick_path(),filename,filetmp);
      cimg::system(command,cimg::graphicsmagick_path());
      if (!(file = std::fopen(filetmp,"rb"))) {
        cimg::fclose(cimg::fopen(filename,"r"));
        throw CImgIOException("CImg<%s>::load_graphicsmagick() : Failed to open image '%s'.\n\n"
                              "Path of 'GraphicsMagick's gm' : \"%s\"\n"
                              "Path of temporary filename : \"%s\"",
                              pixel_type(),filename,cimg::graphicsmagick_path(),filetmp);
      } else cimg::fclose(file);
      load_pnm(filetmp);
      std::remove(filetmp);
      return *this;
    }

    //! Load an image using ImageMagick's or GraphicsMagick's executables.
    static CImg<T> get_load_other(const char *const filename) {
      return CImg<T>().load_other(filename);
    }

    CImg<T>& load_other(const char *const filename) {
      const unsigned int odebug = cimg::exception_mode();
      cimg::exception_mode() = 0;
      try { load_magick(filename); }
      catch (CImgException&) {
        try { load_imagemagick(filename); }
        catch (CImgException&) {
          try { load_graphicsmagick(filename); } 

The registered trademark Linux® is used pursuant to a sublicense from the Linux Foundation, the exclusive licensee of Linus Torvalds, owner of the mark on a world­wide basis.