Fedora 25
Format weakness #18

4

Weakness Breakdown


Definition:

A format string exploit occurs when the data of an input string is evaluated as a command by the program. This class of attacks is very similar to buffer overflows, since an attacker could execute code, read the stack, or cause new behaviors that compromise security. Learn more about format string attacks in the OWASP attack index.

Warning code(s):

If format strings can be influenced by an attacker, they can be exploited.

File Name:

magicpoint-1.13a/image/jpeg.c

Context:

The highlighted line of code below is the trigger point of this particular Fedora 25 format weakness.

  * 
 * Permission is NOT granted for the use of any author's name or author's company
 * name in advertising or publicity relating to this software or products derived
 * from it.  This software may be referred to only as "the Independent JPEG
 * Group's software".
 * 
 * We specifically permit and encourage the use of this software as the basis of
 * commercial products, provided that all warranty or liability claims are
 * assumed by the product vendor.
 *
 */

/* 
 * jpeg - This is a quick hack to give xloadimage the ability to
 * read a JFIF file. The jpeg software is based on the first public
 * release of the Independent JPEG Group's free JPEG software.
 * 
 * Graeme Gill 18/11/91
 * 
 */

#undef  DEBUG

#ifdef DEBUG
# define debug(xx)	fprintf(stderr,xx)
#else
# define debug(xx)
#endif

#include "image.h"
#include "jpeg.h"

METHODDEF int read_jpeg_data ();

int jpegIdent(fullname, name)
     char *fullname, *name;
{
	struct decompress_info_struct cinfo;
	struct decompress_methods_struct dc_methods;
	struct external_methods_struct e_methods;
	int retv = 0;

	/* Initialize the system-dependent method pointers. */
	cinfo.methods = &dc_methods;
	cinfo.emethods = &e_methods;
	jselerror(&e_methods);				/* error/trace message routines */
	jselvirtmem(&e_methods);				/* memory allocation routines */
	dc_methods.d_ui_method_selection = jselwxli;
	dc_methods.read_jpeg_data = read_jpeg_data;
 
