How do image-based exploits work against image viewers? Can they be defeated with managed code and random pixel changes?

I read that some image viewers have been hacked with appropriately rendered images (in a format especially suitable for this, not sure about the details).

So how can you completely eliminate this threat? For example, suppose we create a viewer for the affected format, written in managed code, which converts the images to plain BMP (or something else so simple that its viewers cannot be hacked); will the problem go away? How about first converting to BMP and then introducing some small random pixel changes to further disrupt a possible hack?

Let's say this image sanitizing converter will be included in the firewall so that only the "safe" scanned images will be loaded during normal viewing. Will this solve the problem? Or is my reasoning wrong due to a misunderstanding of the nature of image-based exploits?

1 answer


Your question, I think, boils down to whether the attack lives in the data or in the image. If it is in the data, then simply decoding the image and re-encoding it with a well-known encoder will ensure safety. If it is in the image, you might need to change the pixels.

A famous example of this was the misuse of JPEG comment fields with bad lengths, originally a bug in Netscape but later independently introduced in Windows. It was more of a data problem than an image problem; some of the data in question is not even image data, but metadata. If you decoded the image using a sandboxed decoder, perhaps detecting and recovering from the corrupt comment field, then re-encoded it with a friendly encoder, the result would be safe even for vulnerable decoders. Doing so naively will result in a loss of quality; it is possible to recode JPEG losslessly, but this requires special code.



I get the feeling that image-layer attacks are not possible, only data-layer attacks. The image formats are reasonably well specified and generally simple enough that the image content really shouldn't interfere with the decoding process. Of course, I cannot prove it, and I cannot even state it precisely.

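The answer's "data layer" point can be made concrete with a JPEG segment walker. The following is an added example, not code from the question or the answer: it validates every segment length field against the bytes actually present (the check that a decoder hit by the bad-length comment bug was missing) and then rebuilds the file with COM and APP1..APP15 metadata dropped. The sample JPEG bytes are constructed inline and are structurally plausible but not a decodable picture; the stripping step is the lighter data-layer variant, not the full decode-and-re-encode the answer recommends, so it does nothing about a hypothetical image-layer attack.

```python
import struct

SOI, EOI, SOS, COM = 0xFFD8, 0xFFD9, 0xFFDA, 0xFFFE
DROP_APPN = range(0xFFE1, 0xFFF0)   # APP1..APP15 (Exif, XMP, ...); APP0/JFIF is kept


class BadJpeg(ValueError):
    """Raised when a marker segment claims more bytes than the file holds."""


def walk_segments(data: bytes):
    """Yield (marker, payload) for each marker segment up to and including SOS.

    Every length field is checked against the bytes actually present before
    any slice is taken. An oversized length is the classic 'comment field with
    a bad length' defect; it is rejected here instead of being trusted.
    """
    if len(data) < 4 or data[:2] != b"\xff\xd8":
        raise BadJpeg("missing SOI marker")
    pos = 2
    while True:
        if pos + 2 > len(data):
            raise BadJpeg("truncated: ran out of data before SOS/EOI")
        if data[pos] != 0xFF:
            raise BadJpeg(f"expected a marker at offset {pos}")
        marker = struct.unpack(">H", data[pos:pos + 2])[0]
        pos += 2
        if marker == EOI:
            return
        if pos + 2 > len(data):
            raise BadJpeg(f"marker {marker:#06x} has no length field")
        length = struct.unpack(">H", data[pos:pos + 2])[0]
        if length < 2:                       # length counts its own two bytes
            raise BadJpeg(f"marker {marker:#06x}: length {length} < 2")
        if pos + length > len(data):
            raise BadJpeg(f"marker {marker:#06x}: length {length} exceeds file size")
        yield marker, data[pos + 2:pos + length]
        pos += length
        if marker == SOS:
            return                           # entropy-coded scan data follows


def segment_markers(data: bytes) -> list:
    """Markers present before the scan, in file order."""
    return [marker for marker, _ in walk_segments(data)]


def is_well_formed(data: bytes) -> bool:
    """True when every segment length stays inside the file."""
    try:
        segment_markers(data)
        return True
    except BadJpeg:
        return False


def strip_metadata(data: bytes) -> bytes:
    """Rebuild the file without COM and APP1..APP15 segments; scan data is copied verbatim."""
    out = bytearray(b"\xff\xd8")
    consumed = 2                              # bytes of the input already accounted for
    for marker, payload in walk_segments(data):
        consumed += 4 + len(payload)          # marker (2) + length field (2) + payload
        if marker == COM or marker in DROP_APPN:
            continue
        out += struct.pack(">HH", marker, len(payload) + 2) + payload
    out += data[consumed:]                    # entropy-coded data and EOI
    return bytes(out)


def _seg(marker: int, payload: bytes) -> bytes:
    return struct.pack(">HH", marker, len(payload) + 2) + payload


# Constructed sample: correct segment structure, dummy table/scan contents.
GOOD_JPEG = (
    b"\xff\xd8"
    + _seg(0xFFE0, b"JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00")   # APP0
    + _seg(0xFFE1, b"Exif\x00\x00" + bytes(6))                          # APP1 (dropped)
    + _seg(COM, b"harmless comment")                                    # COM (dropped)
    + _seg(0xFFDB, bytes(65))                                           # DQT (dummy)
    + _seg(0xFFC0, b"\x08\x00\x08\x00\x08\x01\x01\x11\x00")             # SOF0 (dummy)
    + _seg(0xFFC4, bytes(17))                                           # DHT (dummy)
    + _seg(SOS, b"\x01\x01\x00\x00\x3f\x00")                            # SOS header
    + b"\x12\x34\x56"                                                   # scan data (dummy)
    + b"\xff\xd9"
)

# Same file, but the COM length field claims 0xFFFF bytes that are not there.
BAD_JPEG = GOOD_JPEG.replace(
    _seg(COM, b"harmless comment"),
    struct.pack(">HH", COM, 0xFFFF) + b"harmless comment",
)

if __name__ == "__main__":
    print("good:", is_well_formed(GOOD_JPEG), "bad:", is_well_formed(BAD_JPEG))
    print("kept markers:", [hex(m) for m in segment_markers(strip_metadata(GOOD_JPEG))])
```

Run as a script it reports the good file as well formed, the bad one as rejected, and the stripped file as containing only APP0, DQT, SOF0, DHT and SOS. The rejection comes from comparing the claimed length with `len(data)` before slicing; a decoder that copies the comment into a fixed buffer on the strength of the length field alone is exactly the kind of data-layer bug the answer describes.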