- Type: hidden command
- Affected versions: none (synthetic backdoor)
If the image file fed to libpng_read_fuzzer contains two textual data sections:
- Key
"Author", value"Gandalf the grey" - Key
"Runes", value<CMD>Then<CMD>is executed as root.
We can use a carefully crafted valid PNG image with the textual data sections described above (e.g., with the backdoored variant):
$ ./backdoored/libpng_read_fuzzer < ./backdoor-trigger.png
uid=0(root) gid=0(root) groups=0(root)
libpng error: read error