Pixel flood

Pixel flood is an attack that allows to overflow memory using a specially crafted image.

Example

Consider the code of the site that allow to upload a photo from the user and resize it by half to create a thumbnail.

<?php declare(strict_types=1);
/**
 * @param string $srcFilePath Source file path
 * @param string $dstFilePath Destination file path
 * @param float $scale Scale in (0.0, 1.0)
 */
function resizeImage(string $srcFilePath, string $dstFilePath, float $scale = 0.5): void {
   $originalImage = imagecreatefromjpeg($srcFilePath);

   $width = imagesx($originalImage);
   $height = imagesy($originalImage);
   $newWidth = (int)($width * $scale);
   $newHeight = (int)($height * $scale);

   $newImage = imagecreatetruecolor($newWidth, $newHeight);
   imagecopyresampled($newImage, $originalImage, 0, 0, 0, 0, $newWidth, $newHeight, $width, $height);
   imagejpeg($newImage, $dstFilePath);
}
resizeImage("/tmp/uploaded_image.jpg", "/tmp/resized_image.jpg");

Sorry, but this is part of
Web-security course

Web-security course

  • Actual web attacks with examples
  • A wrong ways of preventing attacks
  • Security methods guaranties elimination of attacks
  • Quizzes for the material fixation

  How to prevent Pixel flood →