Comment 212 for bug 2059809

Dan Smith (danms) wrote : Re: Arbitrary file access through QCOW2 external data file (CVE-2024-32498)

Felix, I can work on a format inspector module for that, yep.

AFAIK, we're not supposed to support that format anywhere. What service(s) did you test that with to hit the problem? Presumably it's a case where you called it raw, format_inspector determined it was raw (because it didn't recognize it) and then we failed to treat it as raw further down the pipeline. Knowing what/where that is may mean we just need to coerce the format to what we determined it is (i.e. raw) when we called qemu-img on it.
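A sketch of the coercion suggested in the comment above, added here as an example; it is not part of the original comment or the project's code. `inspect_format`, `qemu_img_info_argv` and `make_sample` are hypothetical names, and the inspector is a stand-in that recognises only the QCOW2 magic bytes.

```python
import os
import tempfile

# Assumption: minimal stand-in for a format inspector. It knows one
# format (QCOW2, magic "QFI\xfb"); anything unrecognised is raw.
QCOW2_MAGIC = b"QFI\xfb"


def inspect_format(path):
    """Return 'qcow2' if the header matches, otherwise 'raw'."""
    with open(path, "rb") as f:
        head = f.read(len(QCOW2_MAGIC))
    return "qcow2" if head == QCOW2_MAGIC else "raw"


def qemu_img_info_argv(path, claimed_format):
    """Build a qemu-img info command with the format pinned.

    The format passed with -f is the one inspection determined, so
    qemu-img never probes the file and cannot settle on a format the
    inspector did not recognise.
    """
    detected = inspect_format(path)
    if detected != claimed_format:
        raise ValueError(
            "claimed %s but inspection says %s" % (claimed_format, detected))
    return ["qemu-img", "info", "-f", detected, "--output=json", path]


def make_sample(header):
    """Write a constructed sample file and return its path."""
    fd, path = tempfile.mkstemp()
    with os.fdopen(fd, "wb") as f:
        f.write(header + b"\0" * 512)
    return path


if __name__ == "__main__":
    # Constructed input: a header the inspector does not recognise.
    sample = make_sample(b"UNKNOWNFMT")
    try:
        print(qemu_img_info_argv(sample, "raw"))
    finally:
        os.remove(sample)
```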