Provide means to reject malicious or large images which can lead to denial-of-service #105
Labels
Comments
coobird
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Highly-compressed images in the form of large PNGs or malicious PNG decompression bombs could lead to
OutOfMemoryErrors.While I haven't researched whether decompression bombs can actually happen with the default PNG reader bundled with Java, if such things can happen, then a countermeasure against them would be nice to incorporate in Thumbnailator.
Also, OOMs from large images could be avoided by first checking the dimensions of the image.
If a image is rejected, it may be useful to return the images which failed via a callback mechanism. (Perhaps something like a
RejectedImageListenerthat is given via one of the top-level API method, which enables this feature.)References:
The text was updated successfully, but these errors were encountered: