I'd also like to point out that from a simple glance at jhead.c there are plenty of other security issues present, including unsafe temp file creation, other routines calling DoCommand, more unchecked buffers, shell escapes, unsafe buffer sized strcat's in ModifyDescriptComment, and so on. This whole codebase needs a review/rewrite.
I'd also like to point out that from a simple glance at jhead.c there are plenty of other security issues present, including unsafe temp file creation, other routines calling DoCommand, more unchecked buffers, shell escapes, unsafe buffer sized strcat's in ModifyDescriptC omment, and so on. This whole codebase needs a review/rewrite.