It was learned by the OpenStack community that running qemu-img on untrusted images without a format pre-specified can present a security risk. Furthermore, some of these specific image formats have inherently unsafe features. This is rooted in how qemu-img operates where all image drivers are loaded and attempt to evaluate the input data.
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.16 Via RHSA-2024:7174 https://access.redhat.com/errata/RHSA-2024:7174
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:7594 https://access.redhat.com/errata/RHSA-2024:7594