wagtail / Willow

A wrapper that combines the functionality of multiple Python image libraries into one API
https://willow.wagtail.org/
BSD 3-Clause "New" or "Revised" License

unhandled incorrect jpeg orientation exif tag #104

Closed minusf closed 9 months ago

minusf commented 1 year ago

The auto_orient image operation is written fairly defensively, but we have just experienced an image poisoning attack in Wagtail where the image had an existing but non-valid orientation value and Willow failed to handle it:

  File "/export/apps/venv/lib/python3.10/site-packages/willow/plugins/pillow.py", line 218, in auto_orient
    if 1 <= orientation <= 8:

Exception Type: TypeError at /cms/images/chooser/
Exception Value: '<=' not supported between instances of 'int' and 'str'

zerolab commented 1 year ago

@minusf any chance you could add that image so we can have a reference for testing?

minusf commented 1 year ago

Thank you for looking into this. I have recovered some of the files, hope it helps. I uploaded them as a zip file: images.zip

(I think that, regardless of examples out in the wild, enforcing that the EXIF tag is an int is a good idea.)

minusf commented 1 year ago

This zip file has more: images.zip

zerolab commented 1 year ago

Relevant notes about orientation in #63

zerolab commented 9 months ago

Fixed in v1.6.3 / 1.7.0
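
Added example, not part of the thread and not Willow's code or its actual fix: a stdlib-only reproduction of the reported failure and a type-checked guard of the kind suggested above. It assumes the bad files stored the Orientation tag (0x0112) as ASCII instead of SHORT, which is one way a permissive reader hands back a `str`; `build_tiff`, `read_orientation` and `safe_orientation` are hypothetical names, and the TIFF blobs are constructed samples.

```python
import struct

ORIENTATION_TAG = 0x0112          # EXIF/TIFF Orientation tag
TYPE_ASCII, TYPE_SHORT = 2, 3     # TIFF field types

def build_tiff(tag_type, payload):
    """Constructed sample: little-endian TIFF header plus a one-entry IFD.
    payload must be at most 4 bytes so it fits inline in the entry."""
    count = len(payload) if tag_type == TYPE_ASCII else 1
    header = b"II" + struct.pack("<HI", 42, 8)   # byte order, magic, IFD offset
    entry = struct.pack("<HHI", ORIENTATION_TAG, tag_type, count)
    entry += payload.ljust(4, b"\x00")
    return header + struct.pack("<H", 1) + entry + struct.pack("<I", 0)

def read_orientation(blob):
    """Return the raw tag value as a permissive reader would:
    int for SHORT, str for ASCII, None when the tag is absent."""
    if blob[:4] != b"II*\x00":
        return None
    (ifd,) = struct.unpack_from("<I", blob, 4)
    (entries,) = struct.unpack_from("<H", blob, ifd)
    for i in range(entries):
        base = ifd + 2 + 12 * i
        tag, typ, count = struct.unpack_from("<HHI", blob, base)
        raw = blob[base + 8:base + 12]
        if tag != ORIENTATION_TAG:
            continue
        if typ == TYPE_SHORT:
            return struct.unpack_from("<H", raw)[0]
        if typ == TYPE_ASCII:
            return raw[:count].rstrip(b"\x00").decode("latin-1")
        return raw                # any other type: hand back the bytes
    return None

def safe_orientation(value):
    """Accept only a real int in 1..8; anything else means 'do not rotate'."""
    if isinstance(value, bool) or not isinstance(value, int):
        return None
    return value if 1 <= value <= 8 else None

if __name__ == "__main__":
    bad = read_orientation(build_tiff(TYPE_ASCII, b"6\x00"))
    try:
        print(1 <= bad <= 8)      # the unguarded comparison from the traceback
    except TypeError as exc:
        print("unguarded:", exc)
    print("guarded:", safe_orientation(bad))
```

Rejecting the string outright, rather than coercing `"6"` to `6`, treats a wrongly typed tag as untrusted metadata and leaves the image unrotated.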