X-Git-Url: https://git.pterodactylus.net/?a=blobdiff_plain;f=synfig-core%2Ftags%2Fstable%2Fsrc%2Fmodules%2Fmptr_mplayer%2Fmptr_mplayer.cpp;h=9e3d547f54ab2b34e73741e3bb8cfbc8fad76bbf;hb=47fce282611fbba1044921d22ca887f9b53ad91a;hp=f6a621aa21fa86199073780d36eb5e3977490e99;hpb=40dd10f62f1b0983b20cf99dd4780ea73236eb0c;p=synfig.git diff --git a/synfig-core/tags/stable/src/modules/mptr_mplayer/mptr_mplayer.cpp b/synfig-core/tags/stable/src/modules/mptr_mplayer/mptr_mplayer.cpp index f6a621a..9e3d547 100644 --- a/synfig-core/tags/stable/src/modules/mptr_mplayer/mptr_mplayer.cpp +++ b/synfig-core/tags/stable/src/modules/mptr_mplayer/mptr_mplayer.cpp @@ -72,6 +72,9 @@ mplayer_mptr::~mplayer_mptr() bool mplayer_mptr::GetFrame(Time time, synfig::Surface &surface, synfig::ProgressCallback *) { + +#error This code has vulnerabilites: arbitrary shell command execution and tmpfile issues + int ret; ret=system( strprintf("/usr/local/bin/mencoder \"%s\" -ovc rawrgb -ss %f -endpos 0 -nosound -o /tmp/tmp.synfig.rgbdata | grep \"VIDEO\" > /tmp/tmp.synfig.size",
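Review bot: The `#error` added at the top of `GetFrame` stops the build, but its message misspells "vulnerabilities" and does not say which inputs or lines are at fault. In the `system(strprintf(...))` call that follows, the `\"%s\"` argument (presumably the media file name; the argument list is outside the hunk) is handed to a shell inside double quotes, which does not neutralise shell metacharacters. `/tmp/tmp.synfig.rgbdata` and `/tmp/tmp.synfig.size` are also fixed, predictable names in a shared world-writable directory. I would make the directive say so, e.g. `#error mptr_mplayer: file name reaches system() unescaped and fixed /tmp paths are used; do not enable until fixed`. The real fix to track is running mencoder through an exec-style call with an argument vector (no shell) and creating the temporary files with `mkstemp()` or inside a `mkdtemp()` directory. The body of `GetFrame` continues past the end of the hunk, so how the two temporary files are read back and removed is not visible here.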