In CVE-2018-13379, an untrusted user could abuse a feature of
snprintf() to read arbitrary files.
Isn't snprintf() already a safer function?
Which feature can be used to bypass the file-extension restriction?
In this article, I will not only analyze how the attack is launched, but also share some ideas for mitigation!
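
On the mitigation side, an added example (not code from this article or from the affected product): snprintf() silently truncates output that does not fit the destination buffer, which can cut off a fixed suffix such as a file extension, and checking its return value catches that. The buffer size, path layout and function names below are assumptions chosen for the demonstration.

```c
#include <stdio.h>
#include <string.h>

#define PATH_BUF 32                 /* assumed size, kept small for the demo */
#define PATH_FMT "/lang/%s.json"    /* hypothetical path layout */
#define NAME_OK  "abcdefghijklmnopqrstuvwxyz0123456789_-"

static int has_suffix(const char *s, const char *suf) {
    size_t n = strlen(s), m = strlen(suf);
    return n >= m && strcmp(s + n - m, suf) == 0;
}

/* Unchecked pattern: the return value is ignored, so a name that does
 * not fit silently loses part or all of the ".json" suffix. */
void build_unchecked(char out[PATH_BUF], const char *name) {
    snprintf(out, PATH_BUF, PATH_FMT, name);
}

/* Hardened: allow-list the name, then treat truncation as an error.
 * snprintf() returns the length it wanted to write, so a result
 * >= PATH_BUF means the output was cut short. */
int build_checked(char out[PATH_BUF], const char *name) {
    out[0] = '\0';
    if (name[0] == '\0' || strspn(name, NAME_OK) != strlen(name))
        return -1;
    int n = snprintf(out, PATH_BUF, PATH_FMT, name);
    if (n < 0 || n >= PATH_BUF) {
        out[0] = '\0';              /* never hand back a truncated path */
        return -1;
    }
    return 0;
}

/* 1 if the unchecked path still ends in ".json" for this name. */
int unchecked_keeps_suffix(const char *name) {
    char buf[PATH_BUF];
    build_unchecked(buf, name);
    return has_suffix(buf, ".json");
}

/* 1 if the hardened builder accepts the name and keeps the suffix. */
int checked_accepts(const char *name) {
    char buf[PATH_BUF];
    return build_checked(buf, name) == 0 && has_suffix(buf, ".json");
}

int main(void) {
    printf("unchecked, short name keeps suffix: %d\n", unchecked_keeps_suffix("en"));
    return 0;
}
```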