Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
Imager::Security(3)   User Contributed Perl Documentation  Imager::Security(3)

       Imager::Security	- brief	notes on security and image processing

	 # keep	abreast	of security updates
	 apt-get update	&& apt-get upgrade
	 yum upgrade
	 pkgin update && pkgin upgrade
	 # or local equivalent

	 # limit memory	use
	 use Imager;
	 # only	images that use	up to 10MB
	 Imager->set_file_limits(bytes => 10_000_000);

       There's two basic security considerations when dealing with images from
       an unknown source:

       o   keeping your	libraries up to	date

       o   limiting the	amount of memory used to store images

   Keeping libraries up	to date
       Image file format libraries such	as "libpng" or "libtiff" have
       relatively frequent security updates, keeping your libraries up to date
       is basic	security.

       If you're using user supplied fonts, you	will need to keep your font
       libraries up to date too.

   Limiting memory used
       With compression, and especially	with pointer formats like TIFF,	it's
       possible	to store very large images in a	relatively small file.

       If you're receiving image data from an untrusted	source you should
       limit the amount	of memory that Imager can allocate for a read in image
       file using the "set_file_limits()" method.

	 Imager->set_file_limits(bytes => 10_000_000);

       You may also want to limit the maximum width and	height of images read
       from files:

	 Imager->set_file_limits(width => 10_000, height => 10_000,
				 bytes => 10_000_000);

       This has	no effect on images created without a file:

	 # succeeds
	 my $image = Imager->new(xsize => 10_001, ysize	=> 10_001);

       You can reset to	the defaults with:

	 Imager->set_file_limits(reset => 1);

       Tony Cook <>

perl v5.32.0			  2014-01-10		   Imager::Security(3)


Want to link to this manual page? Use this URL:

home | help