How to check a png file if it is a decompression bomb

I am playing with uploading images to a site, and I found out about the decompression bomb attacks that can take place when you allow uploading PNG files (and some other formats). Since I am going to modify the uploaded images, I want to make sure that I am not a victim of this attack. So when it comes to checking whether a file is a PNG bomb, can I just read the file headers and make sure that the width and height do not exceed a set limit, for example 4000x4000 or something similar? Is this a valid method? Or what is the best way to do it?

+4
1 answer

In addition to large widths and heights, decompression bombs can also have excessively large iCCP, zTXt and iTXt chunks. By default, libpng protects against them to some extent.

Your "imagemagick" tag indicates that you are asking how to do this with ImageMagick. ImageMagick's default width and height limits are very large: "convert -list resource" says

Resource restrictions: Width: 214.7MP Height: 214.7MP Area: 8.135GP

ImageMagick's image width and height limits come from the -limit command line option, which I suppose can also be set using some equivalent directive in the various ImageMagick APIs. ImageMagick inherits its restrictions on iCCP chunks, etc., from libpng.

IHDR libpng, ImageMagick. " " IDAT .

+4
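A header-only check along the lines the question proposes, added here as an example (it is not code from the original post, nor ImageMagick's or libpng's): it walks the PNG chunk list, rejects the file when the IHDR width * height exceeds a pixel cap, and also rejects oversized iCCP/zTXt/iTXt chunks as the answer recommends, all without decompressing anything. The limits, the `check_png` function and the `make_png` helper that builds constructed test files are assumptions for demonstration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_PIXELS = 4000 * 4000      # assumed policy: cap the area, not just each side
MAX_META_CHUNK = 1 << 20      # assumed policy: 1 MiB for iCCP/zTXt/iTXt chunks

def _chunk(ctype, payload):
    """Serialise one chunk: length, type, payload, CRC-32 over type+payload."""
    crc = zlib.crc32(ctype + payload) & 0xFFFFFFFF
    return struct.pack(">I", len(payload)) + ctype + payload + struct.pack(">I", crc)

def check_png(data, max_pixels=MAX_PIXELS, max_meta=MAX_META_CHUNK):
    """Return (ok, reason) after reading headers only; nothing is inflated,
    so rejecting a bomb costs almost nothing."""
    if not data.startswith(PNG_SIGNATURE):
        return False, "not a PNG file"
    pos, first = len(PNG_SIGNATURE), True
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        if pos + 12 + length > len(data):          # declared length overruns file
            return False, "truncated chunk"
        payload = data[pos + 8:pos + 8 + length]
        (crc,) = struct.unpack(">I", data[pos + 8 + length:pos + 12 + length])
        if zlib.crc32(ctype + payload) & 0xFFFFFFFF != crc:
            return False, "bad CRC in %s chunk" % ctype.decode("latin-1")
        if first:                      # IHDR must come first: width, height, ...
            if ctype != b"IHDR" or length != 13:
                return False, "first chunk is not a valid IHDR"
            width, height = struct.unpack(">II", payload[:8])
            if width == 0 or height == 0 or width * height > max_pixels:
                return False, "%dx%d exceeds pixel limit" % (width, height)
            first = False
        elif ctype in (b"iCCP", b"zTXt", b"iTXt") and length > max_meta:
            return False, "oversized %s chunk" % ctype.decode("latin-1")
        if ctype == b"IEND":
            return True, "ok"
        pos += 12 + length
    return False, "missing IEND chunk"

def make_png(width, height, meta=()):
    """Constructed test input: IHDR of the given size, optional extra chunks and
    a placeholder IDAT (the checker never looks at pixel data)."""
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    body = b"".join(_chunk(t, p) for t, p in meta)
    return (PNG_SIGNATURE + _chunk(b"IHDR", ihdr) + body
            + _chunk(b"IDAT", zlib.compress(b"\x00")) + _chunk(b"IEND", b""))
```

With ImageMagick itself the same policy is expressed through the -limit option mentioned in the answer, e.g. -limit width 4000 -limit height 4000 (an assumed setting); exceeding the width or height limit makes ImageMagick refuse the image rather than decode it.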

Source: https://habr.com/ru/post/1614990/
