DoS in imgix CDN's image processing application by pixel flood
Imgix through 2019-06-19 allows remote attackers to cause a denial of service (resource consumption) by manipulating a small JPEG file to specify dimensions of 64250x64250 pixels, which is mishandled during an attempt to load the 'whole image' into memory.
I found the vulnerability in a private program where they were using imgix as a CDN; when imgix tried to process the crafted image, it was DoSed.
Vulnerability Type: Buffer Overflow
Impact: Denial of Service
Vendor of Product: imgix https://www.imgix.com/
Affected Component: image processing application and CDN
Summary: To exploit, I upload an image. I have an image of 5kb, 260x260 pixels.
In the image itself I exchange the 260x260 values with 0xfafa x 0xfafa
(so 64250x64250 pixels). Now the imgix CDN service tries to convert the
image once it is uploaded. By loading the 'whole image' into memory, it
tries to allocate 4128062500 pixels into memory, flooding the memory
and causing DoS.
I received a 500 Internal Server Error with 55,000+ latency from the image CDN.