I've just read this question: "What is the corrupted image vulnerability? How does it work?" (GIFAR, EXIF data with JavaScript, etc.)
I'm asking myself how I can protect myself and my website's users.
My users are allowed to upload their own images (e.g. forum avatars, pictures as part of a message), these pictures being displayed to all other visitors of the corresponding page.
What can I do to be sure that an uploaded file is a real, plain picture and not something else? I'm not asking about a way to overcome a specific vulnerability; I'm asking how I can be sure that a file contains nothing other than plain image data (so I'll probably also be protected against 'yet to be found' vulnerabilities).
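
One narrow way to approach this for PNG uploads, shown as an added example that is not part of the original question: rebuild the file from an allowlist of chunks, so metadata chunks and anything appended after the image (the GIFAR pattern) never reach the stored copy. The names `sanitize_png` and `build_chunk`, the chunk allowlist and the `max_pixels` limit are assumptions of this example.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Assumption of this example: only chunks needed for rendering pass through.
ALLOWED = {b"IHDR", b"PLTE", b"tRNS", b"IDAT", b"IEND"}

def build_chunk(ctype, body):
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def sanitize_png(data, max_pixels=4096 * 4096):
    """Rebuild a PNG from allowlisted chunks only; raise ValueError if malformed."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG")
    pos, out, idat, limit, done = len(PNG_SIG), [PNG_SIG], b"", 0, False
    while pos + 12 <= len(data):
        (length,) = struct.unpack(">I", data[pos:pos + 4])
        ctype = data[pos + 4:pos + 8]
        body = data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc) != 4:
            raise ValueError("truncated chunk")
        if crc != struct.pack(">I", zlib.crc32(ctype + body) & 0xFFFFFFFF):
            raise ValueError("bad CRC")
        if (len(out) == 1) != (ctype == b"IHDR"):
            raise ValueError("IHDR must be the first chunk and appear once")
        if ctype == b"IHDR":
            width, height = struct.unpack(">II", body[:8]) if length == 13 else (0, 0)
            if not 0 < width * height <= max_pixels:
                raise ValueError("bad IHDR or unreasonable dimensions")
            limit = width * height * 8 + height + 1  # upper bound on raw scanlines
        if ctype == b"IDAT":
            idat += body
        if ctype in ALLOWED:  # metadata chunks are dropped; IEND is written empty
            out.append(build_chunk(ctype, b"" if ctype == b"IEND" else body))
        pos += 12 + length
        if ctype == b"IEND":
            done = True  # bytes after IEND (e.g. an appended archive) are dropped
            break
    if not done:
        raise ValueError("missing IEND")
    inflater = zlib.decompressobj()
    try:
        inflater.decompress(idat, limit)  # limit guards against decompression bombs
    except zlib.error as exc:
        raise ValueError("corrupt IDAT stream") from exc
    if not inflater.eof or inflater.unused_data:
        raise ValueError("IDAT stream incomplete, oversized or has extra data")
    return b"".join(out)
```

This checks the container and the compressed stream but leaves the pixel data as uploaded; decoding the image and re-encoding it with an image library additionally normalizes the pixel data.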