Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages

  
 
  

home | help
Imager::Security(3)   User Contributed Perl Documentation  Imager::Security(3)

NAME
       Imager::Security	- brief	notes on security and image processing

SYNOPSIS
	 # keep	abreast	of security updates
	 apt-get update	&& apt-get upgrade
	 yum upgrade
	 pkgin update && pkgin upgrade
	 # or local equivalent

	 # limit memory	use
	 use Imager;
	 # only	images that use	up to 10MB
	 Imager->set_file_limits(bytes => 10_000_000);

DESCRIPTION
       There's two basic security considerations when dealing with images from
       an unknown source:

       o   keeping your	libraries up to	date

       o   limiting the	amount of memory used to store images

   Keeping libraries up	to date
       Image file format libraries such	as "libpng" or "libtiff" have
       relatively frequent security updates, keeping your libraries up to date
       is basic	security.

       If you're using user supplied fonts, you	will need to keep your font
       libraries up to date too.

   Limiting memory used
       With compression, and especially	with pointer formats like TIFF,	it's
       possible	to store very large images in a	relatively small file.

       If you're receiving image data from an untrusted	source you should
       limit the amount	of memory that Imager can allocate for a read in image
       file using the "set_file_limits()" method.

	 Imager->set_file_limits(bytes => 10_000_000);

       You may also want to limit the maximum width and	height of images read
       from files:

	 Imager->set_file_limits(width => 10_000, height => 10_000,
				 bytes => 10_000_000);

       This has	no effect on images created without a file:

	 # succeeds
	 my $image = Imager->new(xsize => 10_001, ysize	=> 10_001);

       You can reset to	the defaults with:

	 Imager->set_file_limits(reset => 1);

AUTHOR
       Tony Cook <tonyc@cpan.org>

perl v5.32.0			  2014-01-10		   Imager::Security(3)

NAME | SYNOPSIS | DESCRIPTION | AUTHOR

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=Imager::Security&sektion=3&manpath=FreeBSD+12.2-RELEASE+and+Ports>

home | help