[Bug 528000] Tainted variables in sprintf format
bugzilla at redhat.com
Fri Oct 9 17:09:45 UTC 2009
Please do not reply directly to this email. All additional
comments should be made in the comments box of this bug.
https://bugzilla.redhat.com/show_bug.cgi?id=528000
Phil Harvey <boardhead62 at hotmail.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |boardhead62 at hotmail.com
--- Comment #5 from Phil Harvey <boardhead62 at hotmail.com> 2009-10-09 13:09:44 EDT ---
If this generates taint errors, I'm surprised that exiftool doesn't
generate more. The value of $format is obtained from an unpack('S',...)
call, so the result is guaranteed to be either undefined or a number
in the range 0 to 65535. How is this a security problem when used
in a sprintf format string?