Hi,

I've been investigating using Sanselan as part of an image rewriting feature we are including in the Shindig project (http://incubator.apache.org/shindig/). The goal is to rewrite images fetched through an HTTP proxy to reduce their size, either by switching encoding, e.g. BMP -> PNG, or by stripping metadata (EXIF, comments, ...). I'm primarily using Sanselan to parse the image metadata to avoid exposing the code to the many security vulnerabilities that exist in ImageIO on various VMs, such as

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0243
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2789

This works very well, as Sanselan is very strict in how it parses certain data structures such as ICC profiles, where specially crafted images could cause buffer overrun attacks in the native libraries in ImageIO. I have a set of images that reproduce some of the common attacks against ImageIO that I'm testing with, and Sanselan does very well against them. I currently have one image that can cause an OutOfMemory error by misrepresenting the number of ICC tags when parsing the ICC profile (attached). Having a VM die from OutOfMemory is better than a security vulnerability.

I was wondering whether you consider robustness against malicious image parsing something you would like your code to handle (I'd be happy to provide test cases for what I have).

As a more amorphous topic, there is a real shortage of secure image processing available in Java; most libraries are designed for speed and not for robustness or defensiveness. Building those facilities into your project would be a boon to mankind and likely to attract a great number of interested folks, myself included, to contribute actively.

Best,
Louis Ryan
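A defensive check of the kind the message above asks for, as an added example in Python (not Sanselan's code or anything from the Shindig project): the ICC tag count is bounded by the bytes actually present before anything is allocated, so a profile that lies about its tag count is rejected instead of driving an OutOfMemory. The layout assumed (128-byte header, 'acsp' at offset 36, a big-endian uint32 tag count, 12-byte tag entries) is the standard ICC profile structure; the sample profile is constructed for the demonstration.

```python
import struct

# Added example, not Sanselan's code: bound every count and offset by the
# bytes actually held before allocating or reading anything.
ICC_HEADER_LEN = 128   # fixed-size profile header
TAG_COUNT_LEN = 4      # big-endian uint32 tag count follows the header
TAG_ENTRY_LEN = 12     # each entry: 4-byte signature, 4-byte offset, 4-byte size
TABLE_START = ICC_HEADER_LEN + TAG_COUNT_LEN

class IccProfileError(ValueError):
    """Raised when the profile's own length fields are inconsistent."""

def parse_icc_tag_table(profile: bytes):
    """Return [(signature, offset, size)] without trusting the declared tag count."""
    if len(profile) < TABLE_START:
        raise IccProfileError("profile too short for header and tag count")
    if profile[36:40] != b"acsp":
        raise IccProfileError("missing 'acsp' profile signature")
    declared_size = struct.unpack(">I", profile[0:4])[0]
    if declared_size > len(profile):
        raise IccProfileError(f"declared size {declared_size} exceeds {len(profile)} bytes")
    tag_count = struct.unpack(">I", profile[ICC_HEADER_LEN:TABLE_START])[0]
    # Key check: the count must fit in the bytes we hold, so a lying count
    # cannot drive a huge allocation before a single entry has been read.
    max_tags = (len(profile) - TABLE_START) // TAG_ENTRY_LEN
    if tag_count > max_tags:
        raise IccProfileError(f"tag count {tag_count} cannot fit (max {max_tags})")
    tags = []
    for i in range(tag_count):
        entry = TABLE_START + i * TAG_ENTRY_LEN
        sig, offset, size = struct.unpack(">4sII", profile[entry:entry + TAG_ENTRY_LEN])
        if offset < TABLE_START or offset + size > len(profile):  # data must be inside
            raise IccProfileError(f"tag {sig!r} points outside the profile")
        tags.append((sig.decode("ascii", "replace"), offset, size))
    return tags

def build_sample_profile(tag_count_field: int) -> bytes:
    """Constructed minimal profile with one 8-byte 'desc' tag and the given count field."""
    body = b"\x00" * 8
    entry = struct.pack(">4sII", b"desc", TABLE_START + TAG_ENTRY_LEN, len(body))
    header = bytearray(ICC_HEADER_LEN)
    header[0:4] = struct.pack(">I", TABLE_START + len(entry) + len(body))
    header[36:40] = b"acsp"
    return bytes(header) + struct.pack(">I", tag_count_field) + entry + body

def rejects(profile: bytes) -> bool:
    """True if the parser refuses the profile instead of honouring its counts."""
    try:
        parse_icc_tag_table(profile)
    except IccProfileError:
        return True
    return False
```

Running `parse_icc_tag_table(build_sample_profile(1))` yields the single 'desc' tag, while the same bytes with a tag count field of 0x7FFFFFFF are refused up front rather than turned into a table allocation.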
