Potential harmful printing of binary Exif metadata in terminal
Description
Mat2 prints binary values of Exif metadata fields on the terminal (mat2 --show).
Depending on the terminal emulator in use, this can corrupt the terminal settings or execute code. (Reference: https://security.stackexchange.com/questions/56307/can-cat-ing-a-file-be-a-potential-security-risk).
Exploit (Code Execution):
Here is an example JPG file with binary data in the comment field:
In rxvt-unicode (urxvt) v9.22, showing the metadata of that file with mat2 --show results in the following:
[user:/tmp] % mat2 --show Binary_data_in_Exif_Comment.jpg
[+] Metadata for Binary_data_in_Exif_Comment.jpg:
Comment:
^[G0
[user:/tmp] % 0
bash: command not found: 0
In this case, no binary named 0 exists on the system; however, it would have been executed without any user interaction if it had existed.
Suggested Fix
Filter or replace all non-printable characters of metadata before printing.
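A sanitising step of the kind the suggested fix describes, as an added example and not mat2's own code: every non-printable character, including the ESC byte that opens a terminal control sequence, is rewritten as a visible escape before the value reaches the terminal. The function names and the sample comment value are constructed for this illustration.

```python
import unicodedata

# Unicode categories that a terminal may interpret or that render invisibly:
# Cc = control (ESC, BEL, CR ...), Cf = format (bidi overrides, ZWJ),
# Cs = surrogates, Co = private use, Cn = unassigned, Zl/Zp = line/para separators
UNSAFE_CATEGORIES = {"Cc", "Cf", "Cs", "Co", "Cn", "Zl", "Zp"}


def escape_char(ch: str) -> str:
    # Render one code point as a backslash escape so it is shown, not obeyed
    cp = ord(ch)
    if cp < 0x100:
        return f"\\x{cp:02x}"
    if cp < 0x10000:
        return f"\\u{cp:04x}"
    return f"\\U{cp:08x}"


def sanitize_for_terminal(value) -> str:
    # Hypothetical helper: make any metadata value safe to print on a terminal
    if isinstance(value, bytes):
        # Binary fields may arrive as raw bytes; decode leniently so that
        # undecodable bytes survive as U+FFFD instead of raising
        value = value.decode("utf-8", errors="replace")
    out = []
    for ch in str(value):
        if unicodedata.category(ch) in UNSAFE_CATEGORIES:
            out.append(escape_char(ch))
        else:
            out.append(ch)
    return "".join(out)


def show_metadata(meta: dict) -> list:
    # Mirrors the shape of `mat2 --show` output, one line per field,
    # with every value passed through the sanitiser first
    return [f"  {key}: {sanitize_for_terminal(value)}" for key, value in meta.items()]


# Constructed sample: a comment field carrying ESC G 0 (the sequence from the
# report), a BEL, and an ordinary trailing string
SAMPLE_COMMENT = b"\x1bG0\x07hello"

if __name__ == "__main__":
    for line in show_metadata({"Comment": SAMPLE_COMMENT}):
        print(line)
```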
System information
- MAT2 0.4.0
- perl-image-exiftool 11.11