Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

BMP oversized pallete is not handled properly #623

Closed
nagisa opened this issue Feb 24, 2017 · 1 comment
Closed

BMP oversized pallete is not handled properly #623

nagisa opened this issue Feb 24, 2017 · 1 comment

Comments

@nagisa
Copy link

nagisa commented Feb 24, 2017

Following (base64-encoded) image has malformed header (palette/format), but decoder does not safeguard against it and attempts to read potentially a huge amount of data, which could result in denial-of-service:

Qk2KEAAAAAAAAIoAAAB8AAAAIAAQACAAAAABACAAAwAAAAAQAAATCwAAEygLAQAAAQAAAAAAAAD/
/////////wAAAAAAAAAAAAAAAAAA/wAA/wAAogBISKIASEiiAEhIogBISKIASEigAEhIogBISKIA
SEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBI
SKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhI
ogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEii
AEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIA
SEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBI
SKIASEiiAEhIogBISKIASEiiAEhISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBI
SKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhI
ogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEii
AEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIA
SEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBI
SKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhI
ogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEii
AEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIAuLdd/7e3XgZISKIASEiiAEhIogBISKIA
SEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBCTYoQAAAAAAAAigAA
AHwAAAAgAAAAIAAAAAEAIAADAAAAABAAABMLAAATCwAAAAAAAAAAAAAAAAD/AAD/AAD/AAAAAAAA
QkdScwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABCTYoQAAAAAAAAigAAAHwAAAAgAAAA
IAAAAAEAIAADAAAAABAAABMLAAATKAsBAAAAAAAA//////////8AAAD//////////wAAAAAAAAAA
AAAA/wAA/0JIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhI
ogBISKIASKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIA
SEiiAEhIogBISKIAAAAAAAAAAAAAAAAAAAAAAAIAAAAAAAAAAAAAAAAAAAABAAAAAAAAAABISKIA
SEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBI
SKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhI
ogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEii
AEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIA
SEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBI
SKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhI
ogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEii
AEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIA
SEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBI
SKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhI
ogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEii
AEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIA
SEiiAEhIogBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBg
YGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBgYGBg
YGBgYGBgYGBgYGBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhI
ogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEii
AEhIogBISKIASEiiAEhIogBISEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhI
ogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEii
AEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIA
SEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBI
SKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhI
ogBIAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBI
SKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISEiiAEhIogBI
SKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhI
ogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKIASEiiAEhIogBISKKiAAA=
@nwin
Copy link
Contributor

nwin commented Feb 25, 2017

I cannot see any specific problem with the palette handling code, closing as duplicate of #622.

@nwin nwin closed this as completed Feb 25, 2017
@oyvindln oyvindln mentioned this issue Apr 2, 2017
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@nagisa @nwin