fedora 24
shell weakness #18


Weakness Breakdown


Definition:

A shell weakness occurs when a program enables an attacker to execute unexpected commands on the operating system.

Warning code(s):

This causes a new program to execute and is difficult to use safely.

File Name:

GREYCstoration-2.8/src/CImg.h

Context:

The highlighted line of code below is the trigger point of this particular Fedora 24 shell weakness.

       return *this;
    }

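    //! Save the image using GraphicsMagick's gm.
    /** Function that saves the image for other file formats that are not natively handled by CImg,
        using the tool 'gm' from the GraphicsMagick package.\n
        This is the case for all compressed image formats (GIF,PNG,JPG,TIF, ...). You need to install
        the GraphicsMagick package in order to get
        this function working properly (see http://www.graphicsmagick.org ).\n
        The image is first written to a temporary PNM file, then 'gm' is launched through
        cimg::system() to convert it to \p filename. Because \p filename is embedded in a
        shell command line (inside double quotes), names containing a double quote, backquote,
        dollar sign or newline are refused with a CImgArgumentException instead of being executed.
        \param filename Destination path (must not be null).
        \param quality Quality percentage passed to 'gm -quality'.
        \return A const reference to this image.
        \throw CImgInstanceException if the image is empty.
        \throw CImgArgumentException if \p filename is null, contains shell-sensitive characters,
               or makes the command line exceed the internal buffer.
        \throw CImgIOException if the temporary path does not fit its buffer or 'gm' did not
               produce the output file. The temporary file is removed before any throw that
               happens after it was created.
    **/
    const CImg<T>& save_graphicsmagick(const char *const filename, const unsigned int quality=100) const {
      if (is_empty()) throw CImgInstanceException("CImg<%s>::save_graphicsmagick() : Instance image (%u,%u,%u,%u,%p) is empty (file '%s')",
                                                  pixel_type(),width,height,depth,dim,data,filename);
      if (!filename) throw CImgArgumentException("CImg<%s>::save_graphicsmagick() : Instance image (%u,%u,%u,%u,%p), specified filename is (null).",
                                                 pixel_type(),width,height,depth,dim,data);
      // The filename ends up inside a double-quoted shell argument. Quotes protect spaces, but
      // a '"', '`', '$' or newline in the name would still be interpreted by the shell, so such
      // names are rejected here rather than handed to cimg::system().
      for (const char *p = filename; *p; ++p)
        if (*p=='"' || *p=='`' || *p=='$' || *p=='\n')
          throw CImgArgumentException("CImg<%s>::save_graphicsmagick() : Filename '%s' contains characters that cannot be passed safely to 'gm'.",
                                      pixel_type(),filename);
      char command[1024], filetmp[512];
      std::FILE *file;
      // Pick a temporary name that does not currently exist. This existence check is only
      // best-effort: another process could create the same name between the check and save_pnm().
      do {
        const int tlen = std::snprintf(filetmp,sizeof(filetmp),"%s%s%s.%s",
                                       cimg::temporary_path(),cimg_OS==2?"\\":"/",cimg::filenamerand(),
                                       dim==1?"pgm":"ppm");
        if (tlen<0 || tlen>=static_cast<int>(sizeof(filetmp)))
          throw CImgIOException("CImg<%s>::save_graphicsmagick() : Temporary path is too long (file '%s').",
                                pixel_type(),filename);
        if ((file=std::fopen(filetmp,"rb"))!=0) std::fclose(file);
      } while (file);
      save_pnm(filetmp);
      // Bounded formatting: a long filename must not overflow 'command' or be silently truncated
      // into a different command.
      const int clen = std::snprintf(command,sizeof(command),"%s -quality %u%% %s \"%s\"",
                                     cimg::graphicsmagick_path(),quality,filetmp,filename);
      if (clen<0 || clen>=static_cast<int>(sizeof(command))) {
        std::remove(filetmp);
        throw CImgArgumentException("CImg<%s>::save_graphicsmagick() : Filename '%s' is too long to build the 'gm' command line.",
                                    pixel_type(),filename);
      }
      cimg::system(command);
      file = std::fopen(filename,"rb");
      // Drop the temporary file before reporting failure so an error does not leave it behind.
      std::remove(filetmp);
      if (!file) throw CImgIOException("CImg<%s>::save_graphicsmagick() : Failed to save image '%s'.\n\n"
                                       "Path of 'gm' : \"%s\"\n"
                                       "Path of temporary filename : \"%s\"\n",
                                       pixel_type(),filename,cimg::graphicsmagick_path(),filetmp);
      cimg::fclose(file);
      return *this;
    }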

    const CImg<T>& save_other(const char *const filename, const unsigned int quality=100) const {
      const unsigned int odebug = cimg::exception_mode();
      bool is_saved = true;
      cimg::exception_mode() = 0;
      try { save_magick(filename); }
      catch (CImgException&) {
        try { save_imagemagick(filename,quality); }
        catch (CImgException&) {
          try { save_graphicsmagick(filename,quality); }
          catch (CImgException&) {
            is_saved = false;
          }
        }
      }
      cimg::exception_mode() = odebug; 
