Closed r3ggi closed 2 years ago
Hey!
I noticed that the latest jpegoptim is vulnerable to pixel flood attack. Due to unlimited memory consumption, uploading a malicious jpg file to a web application that uses jpegoptim, may cause a denial of service.
jpegoptim
You can read more on that vulnerability here.
Hey!
I noticed that the latest
jpegoptim
is vulnerable to pixel flood attack. Due to unlimited memory consumption, uploading a malicious jpg file to a web application that usesjpegoptim
, may cause a denial of service.You can read more on that vulnerability here.
Proof of concept