
PNG Bomb vulnerability

Open · oskarwojciski opened this issue 7 years ago · 1 comment

Testing lossypng, I found out that it is vulnerable to a PNG bomb: trying to optimize an image like https://www.bamsoftware.com/hacks/deflate.html can consume a lot of memory. It happens when you call image.Decode() on such a file.

One way to defend is to check the size of the image before decoding; you can do this by decoding only the config, like:

// needs: import ("image"; "io"; _ "image/png")
optimizeLimit := 10000 // for example
cfg, _, err := image.DecodeConfig(inFile) // reads only the header; no pixel buffer is allocated
if err != nil {
	return err
}
if cfg.Height > optimizeLimit || cfg.Width > optimizeLimit {
	// Throw error / do not optimize etc.
}
inFile.Seek(0, io.SeekStart) // DecodeConfig consumed the header; rewind before image.Decode(inFile)

oskarwojciski avatar Oct 22 '17 18:10 oskarwojciski
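A complete guard built on the approach described in this comment, as an added example (not code from the lossypng project or from the commenters): it runs image.DecodeConfig first, refuses any image whose declared width*height exceeds a hypothetical MaxPixels budget, then rewinds and performs the full decode. HeaderOnlyPNG and SmallPNG are constructed samples; the first is just a PNG signature plus an IHDR chunk with no pixel data, so the check can be exercised without a real oversized file.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"hash/crc32"
	"image"
	"image/png"
	"io"
)

// MaxPixels is a hypothetical decode budget: width*height above it is refused before image.Decode allocates pixels.
const MaxPixels = 10000 * 10000
var ErrTooLarge = errors.New("image dimensions exceed decode budget")

// SafeDecode reads only the header via image.DecodeConfig, rejects oversized images, then rewinds and decodes.
func SafeDecode(r io.ReadSeeker) (image.Image, error) {
	cfg, _, err := image.DecodeConfig(r)
	if err != nil {
		return nil, err
	}
	if int64(cfg.Width)*int64(cfg.Height) > MaxPixels {
		return nil, ErrTooLarge
	}
	if _, err := r.Seek(0, io.SeekStart); err != nil { // DecodeConfig consumed the header
		return nil, err
	}
	img, _, err := image.Decode(r)
	return img, err
}

// HeaderOnlyPNG is a constructed sample: signature plus an IHDR chunk claiming the given size, no pixel data.
func HeaderOnlyPNG(width, height uint32) []byte {
	ihdr := append([]byte("IHDR"), make([]byte, 13)...) // chunk type + 13-byte body
	binary.BigEndian.PutUint32(ihdr[4:], width)
	binary.BigEndian.PutUint32(ihdr[8:], height)
	ihdr[12], ihdr[13] = 8, 6 // 8-bit depth, RGBA; compression/filter/interlace stay 0
	var buf bytes.Buffer
	buf.Write([]byte{0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'})
	binary.Write(&buf, binary.BigEndian, uint32(13)) // IHDR body length
	buf.Write(ihdr)
	binary.Write(&buf, binary.BigEndian, crc32.ChecksumIEEE(ihdr)) // CRC covers type + body
	return buf.Bytes()
}
// SmallPNG encodes a real 2x2 image (constructed sample) to exercise the accept path.
func SmallPNG() []byte {
	var buf bytes.Buffer
	png.Encode(&buf, image.NewRGBA(image.Rect(0, 0, 2, 2)))
	return buf.Bytes()
}
```

A header-only sample that passes the size check still fails in image.Decode with an unexpected-EOF error, so the guard only adds a rejection path and never accepts something the standard decoder would not.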

It's not this package's responsibility. The problem is deeper: it's in the std image.Decode() method. That's why any checks should be done there, or by the user of this package himself, until any fixes in the standard library are done.

rkravchik avatar Mar 22 '18 13:03 rkravchik