I use Linux Ubuntu - both desktop and server editions. After upgrading to Ubuntu 10.04 I discovered that one of my application tests failed.
This was the "image bomb" test. I prepared a special PNG image that could easily lead to memory overconsumption. So my program tried to prevent loading such images by testing the image's parameters before loading it into memory.
So, pinging this PNG image doesn't work any more. I tried to run ping with the command line "identify -ping bomb.png" and this command hangs too.
You could try this file yourselves:
http://dl.dropbox.com/u/3146456/bomb.png.zip
I think that this is a kind of very serious vulnerability in ImageMagick and that could crash any web application.
Pinging PNG image doesn't work properly (image bomb)
Re: Pinging PNG image doesn't work properly (image bomb)
Pinging your image works fine with the latest release. For releases of ImageMagick that improperly allocate the pixel cache when pinging, you can still prevent a denial-of-service problem with resource limits. Use the area and disk limits to prevent large images from consuming excessive resources.
Re: Pinging PNG image doesn't work properly (image bomb)
I tried the last version. I compiled it myself from the sources in 8-bit mode.
"identify -ping" really works now, but what upsets me is that this utility hung for almost 2 seconds and led to 100% processor use for that time for the file provided.
Re: Pinging PNG image doesn't work properly (image bomb)
libpng has the capability of rejecting images quickly if they exceed user-specified limits.
The default acceptable maximum width and height are 1,000,000 x 1,000,000 (I guess
you knew that because your test image is 1,000,000 rows high). Should we apply
smaller limits? If so, what should they be? Perhaps 64k? Users who want to
process larger images would be able to reset the limits to whatever they are
willing to accept. It would be possible to apply even smaller limits while "pinging",
too, if that would be useful.
Glenn
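A dimension pre-check of the kind discussed in this thread, as an added example (not code from ImageMagick, libpng or any poster): it reads only the PNG signature and IHDR chunk and rejects oversized geometry before a decoder is invoked. The function names, the 65535 per-axis limit (echoing the "64k" suggestion), the 64,000,000-pixel area limit and the sample header are assumptions of this example; the IHDR CRC is not verified.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Result codes for this example's pre-decode check (hypothetical names). */
enum png_check { PNG_OK, PNG_NOT_PNG, PNG_BAD_IHDR, PNG_TOO_LARGE };
static const unsigned char SIG[8] = {0x89, 'P', 'N', 'G', '\r', '\n', 0x1a, '\n'};

/* PNG stores multi-byte integers big-endian. */
static uint32_t get32(const unsigned char *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) | ((uint32_t)p[2] << 8) | p[3];
}
static void put32(unsigned char *p, uint32_t v) {
    p[0] = (unsigned char)(v >> 24); p[1] = (unsigned char)(v >> 16);
    p[2] = (unsigned char)(v >> 8);  p[3] = (unsigned char)v;
}

/* Looks at the first 33 bytes only (8-byte signature + 25-byte IHDR chunk).
 * Nothing is decompressed and no pixel buffer is allocated. */
enum png_check png_precheck(const unsigned char *buf, size_t len, uint32_t max_w,
                            uint32_t max_h, uint64_t max_pixels,
                            uint32_t *w_out, uint32_t *h_out) {
    if (len < 33 || memcmp(buf, SIG, 8) != 0) return PNG_NOT_PNG;
    /* The first chunk must be IHDR with a 13-byte payload. */
    if (get32(buf + 8) != 13 || memcmp(buf + 12, "IHDR", 4) != 0) return PNG_BAD_IHDR;
    uint32_t w = get32(buf + 16), h = get32(buf + 20);
    /* The PNG specification forbids zero and values above 2^31-1. */
    if (w == 0 || h == 0 || w > 0x7fffffffu || h > 0x7fffffffu) return PNG_BAD_IHDR;
    *w_out = w; *h_out = h;
    /* Both factors are below 2^31, so the 64-bit product cannot overflow. */
    if (w > max_w || h > max_h || (uint64_t)w * h > max_pixels) return PNG_TOO_LARGE;
    return PNG_OK;
}

/* Constructed sample: a 33-byte header for a w x h 8-bit RGB image, CRC left zero. */
static void make_header(unsigned char out[33], uint32_t w, uint32_t h) {
    memset(out, 0, 33);
    memcpy(out, SIG, 8);
    put32(out + 8, 13);
    memcpy(out + 12, "IHDR", 4);
    put32(out + 16, w); put32(out + 20, h);
    out[24] = 8; out[25] = 2;
}

int main(void) {
    unsigned char hdr[33]; uint32_t w = 0, h = 0;
    make_header(hdr, 100, 1000000); /* constructed: 1,000,000 rows, width assumed */
    enum png_check r = png_precheck(hdr, sizeof hdr, 65535, 65535, 64000000u, &w, &h);
    printf("%ux%u -> %s\n", (unsigned)w, (unsigned)h, r == PNG_OK ? "accept" : "reject");
    return 0;
}
```

This checks declared geometry only; the decoder's own limits and the ImageMagick area and disk resource limits mentioned earlier in the thread still apply to what happens after the file is opened.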
Re: Pinging PNG image doesn't work properly (image bomb)
I would have thought you could avoid this by setting the maximum file upload size in php.ini or similar.