Dan Smith and Julia Kreger of Red Hat and Jay Faulkner of G-Research
noticed a vulnerability in image processing for Ironic, in which a
specially crafted image could be used by an authenticated user to
exploit undesired behaviors in qemu-img, including possible unauthorized
access to potentially sensitive data.