2

There is a well-known threat named compression bombs. Such image formats as PNG and JPEG use compression methods, and therefore and in theory PNG/JPEG images might be a compression-bomb.

I've found an example of PNG, and many mitigations guidelines (1, 2) for PNG images.

But what about JPEG? How to protect against a JPEG-bomb? Are JPEG-bombs even possible?

The only JPEG-specific information I've found is JPEG XL predictors that might generate quite big images from just a few tens of bytes.

Bruno Rohée
  • 5,221
  • 28
  • 39
salazar324
  • 33
  • 4
  • 1
    JPEG XL is a different format from JPEG. I believe JPEG compression is *probably* not able to expand indefinitely since JPEG is encoded in 8x8 blocks and Huffman-coded - the maximum compression ratio would be something like 1 bit per 64 pixels. However you would have to watch out for an image file containing a very large image size in the header and then with the pixel data entirely missing from the file – user253751 May 18 '22 at 11:09

0 Answers0