On Tue, 20 Oct 2020 at 10:57, Bruno Postle wrote:
>
> Which suggests there is a 10549x5925 LZW TIFF image in the Exif data,
> but all that exiftool finds is two small thumbnails (the panorama
> itself is 9848x4924). There is also no JFIF header, I don't know if
> this indicates any problem.

Thinking about this, the problem is wider than just this file: nona (and Hugin) use standard libraries and temporary files in a reasonably safe way, but they are not designed to behave gracefully with every kind of possible input file, in particular it is conceivably possible someone could craft an evil file that tricks nona into doing bad things.

So my concern is really that you are accepting random files from the internet, although the World Wide Panorama is a community that makes this unlikely (BTW everybody should check out the World Wide Panorama, especially if you shoot spherical panoramas and want to share them: https://worldwidepanorama.org/ ).

So I would recommend filtering these files through a tool that has had lots of attack exposure, like ImageMagick. If you use ImageMagick to convert all your incoming JPEG files to PNG and then use this temporary PNG file as input to nona, this will likely solve your server reboot problem, while making the software more robust overall.

--
Bruno
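
One way to put the pre-filter recommended above in front of nona, as an added example that is not part of the original message or of Hugin. It assumes ImageMagick's `convert` and `identify` are on the PATH and that the server chooses the file paths; the names `is_jpeg`, `sanitize_upload` and `MAX_PIXELS` and all limit values are illustrative assumptions.

```shell
#!/bin/sh
# Added example: re-encode an untrusted JPEG upload to PNG before nona reads it.
# Assumes ImageMagick "convert"/"identify" on PATH; paths are server-generated.

MAX_PIXELS=100000000   # constructed ceiling; 9848x4924 from the thread is ~48.5 Mpx

# is_jpeg FILE: true only if FILE starts with the JPEG SOI marker bytes FF D8 FF.
is_jpeg() {
    [ -f "$1" ] || return 1
    magic=$(head -c 3 "$1" | od -An -tx1 | tr -d ' \n')
    [ "$magic" = "ffd8ff" ]
}

# sanitize_upload IN OUT
# Returns 0 = OUT written, 2 = not a JPEG, 3 = unreadable or too large,
# 4 = full decode failed.
sanitize_upload() {
    in=$1
    out=$2
    is_jpeg "$in" || return 2

    # The "jpeg:" prefix pins the decoder, so file content cannot pick another
    # coder. -ping reads the header only, before any pixel buffer is allocated.
    dims=$(identify -ping -format '%w %h' "jpeg:$in" 2>/dev/null) || return 3
    set -- $dims
    [ $# -eq 2 ] || return 3
    [ $(( $1 * $2 )) -le "$MAX_PIXELS" ] || return 3

    # Resource limits turn a hostile or broken file into a failed conversion
    # instead of an exhausted server. -strip drops Exif and other profiles,
    # including embedded thumbnails, so only decoded pixels reach the PNG.
    tmp="$out.tmp.$$"
    if convert -limit memory 1GiB -limit map 2GiB -limit disk 4GiB \
               -limit time 120 "jpeg:$in" -strip "png:$tmp" 2>/dev/null; then
        mv "$tmp" "$out"
    else
        rm -f "$tmp"
        return 4
    fi
}
```

Only a file for which `sanitize_upload` returns 0 is handed on, and nona is then given the resulting PNG rather than the uploaded JPEG.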
