Denial of Service
Denial of Service (DoS) techniques must only be tested in a controlled environment, in which it is easy to recover if the application goes down. Never try them on production systems.
We can force certain image parsing applications or libraries to crash when they try to parse a malformed image file. Today, image parsing code is available in most web applications in the form of image upload, resize, and so on. Let's go through some of the documented techniques of DoS through image files.
The following documented techniques were publicly disclosed by a HackerOne user who goes by the dutchgraa username.
Malicious JPEG file – pixel flood
This technique exploits the way image parsers parse a JPG or JPEG file. Simply speaking, initially, we will take a valid JPEG image with any random pixel dimension, say 100x100. Then we hexedit or programmatically change the dimensions to something very large, such as 65000x65000 in the EXIF dimension as well as the dimension of the image. This...
