Comment 174 for bug 2059809
Dan Smith (danms) wrote (last edit ): Re: Arbitrary file access through QCOW2 external data file (CVE-2024-32498)

The first glance patch adds the check from qemu-img, yes, but the later ones add the format_inspector-based approach, which should run before the qemu-img check. Do you have all of them applied? If qemu-img is patched, then the first patch, which checks the qemu-img output, is technically sufficient to close the hole; but if you don't have that, the last patch in the series is the one that checks with format_inspector first.

Even still, if qemu-img fails to run we should fail to complete the conversion and the image should (I think) stay in queued or importing state. Is that what you mean by "still accept the image" or do you mean image conversion fails and we ingest all the way to active anyway? If so, that's probably a bug in image_conversion, but I'd have to ask other glance people what they expect.

Also note that the glance part of this is fully mitigatable by disabling the image_conversion plugin. Not even sure how widely used that is.
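The comment above describes a defence-in-depth layering: a header-level inspection that refuses QCOW2 images referencing a backing file or an external data file before qemu-img is ever invoked. The following is an added illustration of that kind of pre-conversion check, written for this page; it is not Glance's format_inspector, nor any of the patches in the bug, and it only parses the fixed part of the QCOW2 header. The header layout (magic, version, backing_file_offset/size, and for version 3 the incompatible_features bitfield at offset 72, where bit 2 flags an external data file) follows the published QCOW2 specification; the sample headers built by `make_v3_header` are constructed here for demonstration.

```python
import struct

QCOW2_MAGIC = b"QFI\xfb"
# QCOW2 v3 incompatible_features bit 2 (0x4): image data lives in an external file.
INCOMPATIBLE_EXTERNAL_DATA_FILE = 1 << 2
V3_HEADER_LEN = 104  # fixed header fields up to and including header_length


def inspect_qcow2_header(data: bytes) -> dict:
    """Parse the fixed QCOW2 header fields relevant to out-of-image references.

    Returns a dict with the version and whether the header points at a
    backing file or (v3+) an external data file.
    """
    if len(data) < 72 or data[:4] != QCOW2_MAGIC:
        raise ValueError("not a QCOW2 image")
    # Big-endian: version (u32 @4), backing_file_offset (u64 @8), backing_file_size (u32 @16)
    version, backing_off, backing_len = struct.unpack_from(">IQI", data, 4)
    info = {
        "version": version,
        "backing_file": backing_off != 0 or backing_len != 0,
        "external_data_file": False,
    }
    if version >= 3:
        if len(data) < V3_HEADER_LEN:
            raise ValueError("truncated QCOW2 v3 header")
        (incompatible,) = struct.unpack_from(">Q", data, 72)
        info["external_data_file"] = bool(incompatible & INCOMPATIBLE_EXTERNAL_DATA_FILE)
    return info


def check_safe_for_conversion(data: bytes):
    """Decide whether an uploaded image may be handed to qemu-img at all.

    Returns (ok, reason). Any reference outside the image file itself is
    rejected before a converter ever opens it.
    """
    try:
        info = inspect_qcow2_header(data)
    except ValueError as exc:
        return False, str(exc)
    if info["backing_file"]:
        return False, "image references a backing file"
    if info["external_data_file"]:
        return False, "image references an external data file"
    return True, "ok"


def make_v3_header(incompatible: int = 0, backing_offset: int = 0, backing_size: int = 0) -> bytes:
    """Build a minimal, constructed QCOW2 v3 header for testing the checker."""
    hdr = bytearray(V3_HEADER_LEN)
    hdr[0:4] = QCOW2_MAGIC
    struct.pack_into(">I", hdr, 4, 3)                       # version 3
    struct.pack_into(">QI", hdr, 8, backing_offset, backing_size)
    struct.pack_into(">I", hdr, 20, 16)                     # cluster_bits (64 KiB clusters)
    struct.pack_into(">Q", hdr, 24, 1 << 20)                # virtual size: 1 MiB
    struct.pack_into(">Q", hdr, 72, incompatible)           # incompatible_features
    struct.pack_into(">I", hdr, 96, 4)                      # refcount_order
    struct.pack_into(">I", hdr, 100, V3_HEADER_LEN)         # header_length
    return bytes(hdr)


if __name__ == "__main__":
    plain = make_v3_header()
    external = make_v3_header(incompatible=INCOMPATIBLE_EXTERNAL_DATA_FILE)
    backed = make_v3_header(backing_offset=V3_HEADER_LEN, backing_size=9)
    for name, blob in (("plain", plain), ("external-data", external), ("backing", backed)):
        print(name, check_safe_for_conversion(blob))
```

The check deliberately treats a backing-file reference and the external-data-file flag the same way: both are refused outright rather than resolved, so the decision never depends on what qemu-img would have done with the path. A production inspector would additionally walk the header extensions and bound-check every offset against the file size.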