Pinging PNG image doesn't work properly (image bomb)

Questions and postings pertaining to the usage of ImageMagick regardless of the interface. This includes the command-line utilities, as well as the C and C++ APIs. Usage questions are like "How do I use ImageMagick to create drop shadows?".
Post Reply
nickmz

Pinging PNG image doesn't work properly (image bomb)

Post by nickmz »

I use Linux Ubuntu - both desktop and server editions. After upgrading to Ubuntu 10.04 I discover that one of my application test failed.

This was "image bomb" test. I prepared special PNG image that could easy lead to memory overconsumption. So my program tried to prevent loading such images by testing image's parameters before loading it into memory.

So, pinging this PNG image doesn't work any more. I tried to run ping with the command line "identify -ping bomb.png" and this command hangs too.

You could try this file yourselves

http://dl.dropbox.com/u/3146456/bomb.png.zip

I think that this is a kind of very serious vulnerability in ImageMagick and that could crash any web application
User avatar
magick
Site Admin
Posts: 11064
Joined: 2003-05-31T11:32:55-07:00

Re: Pinging PNG image doesn't work properly (image bomb)

Post by magick »

Pinging your image works fine with the latest release. For releases of ImageMagick that improperly allocate the pixel cache when pinging, you can still prevent a denial-of-service problem with resource limits. Use the area and disk limits to prevent large images from consuming excessive resources.
nickmz

Re: Pinging PNG image doesn't work properly (image bomb)

Post by nickmz »

I tried the last version. I compiled it myself from the sources at 8-bit mode.

"identify -ping" really works now but what upset me is that this utility hanged almost for 2 seconds and leads to 100% processor use for that time for the file provided.
User avatar
glennrp
Posts: 1147
Joined: 2006-04-01T08:16:32-07:00
Location: Maryland 39.26.30N 76.16.01W

Re: Pinging PNG image doesn't work properly (image bomb)

Post by glennrp »

libpng has the capability of rejecting images quickly if they exceed user-specified limits.
The default acceptable maximum width and height are 1,000,000 x 1,000,000 (I guess
you knew that because your test image is 1,000,000 rows high). Should we apply
smaller limits? If so, what should they be? Perhaps 64k? Users who want to
process larger images would be able to reset the limits to whatever they are
willing to accept. It would be possible to apply even smaller limits while "pinging",
too, if that would be useful.

Glenn
Bonzo
Posts: 2971
Joined: 2006-05-20T08:08:19-07:00
Location: Cambridge, England

Re: Pinging PNG image doesn't work properly (image bomb)

Post by Bonzo »

I think that this is a kind of very serious vulnerability in ImageMagick and that could crash any web application
I would have thought you could avoid this by setting the maximium file upload size in php.ini or similar.
Post Reply