search

foobaz / lossypng

Shrink PNG files by applying a lossy filter
138 stars 18 forks source link

PNG Bomb vulnerability #5

Open oskarwojciski opened 6 years ago

oskarwojciski commented 6 years ago

Testing the lossypng I found out that it is vulnerable for PNG Bomb - trying to optimize image like https://www.bamsoftware.com/hacks/deflate.html can consume a lot of memory. It happening when you call image.Decode() on such file.

One of the way to defend is to check the size of image before decoding - you can do this with decoding only config, like:

optimizeLimit := 10000 // for example
cfg, _, _ := image.DecodeConfig(inFile)
if cfg.Height > optimizeLimit || cfg.Width > optimizeLimit {
    // Throw error / do not optimize etc.                
}
rkravchik commented 6 years ago

It's not this package responsibility. The problem is deeper, it's in std image.Decode() method. And that's why any checks should be done there or by user of this package himself until any fixes in standard lib will be done.