You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The VP8X chunk allows specifying ridiculously large canvas dimensions up to 2^24 x 2^24, which end up being used for ALPH chunk bitstreams. This can be a DoS vector. It's unclear whether there's a valid WebP with such large dimensions, as both the VP8 and VP8L bitstreams only allow dimensions up to 2^12 x 2^12. In other words, a larger ALPH would be rejected later anyway in parsing for mismatching dimensions with the VP8/VP8L appearing later.
The text was updated successfully, but these errors were encountered:
The
VP8Xchunk allows specifying ridiculously large canvas dimensions up to 2^24 x 2^24, which end up being used forALPHchunk bitstreams. This can be a DoS vector. It's unclear whether there's a valid WebP with such large dimensions, as both theVP8andVP8Lbitstreams only allow dimensions up to 2^12 x 2^12. In other words, a largerALPHwould be rejected later anyway in parsing for mismatching dimensions with theVP8/VP8Lappearing later.The text was updated successfully, but these errors were encountered: