Open speeddragon opened 6 years ago
I think this should be part of Arc
too. If we provide functions to modify images, we should also provide the tools to verify them.
This can have a security impact on numerous projects, so definitely +1
If I follow this correctly, Fastimage can do this, specifically Fastimage.type/2
(https://hexdocs.pm/fastimage/1.0.0-rc4/Fastimage.html#type/2)
Since last vulnerabilities with GhostScript, and because ImageMagick use it (for example when we use
convert
), should we include and modify the current examples to use ones that check for magic bytes ?So instead of using this for image validation,
I can also try to add for GIF or other file formats.