Web browsers

HTML decompression bombs can also be sent to a web browser, should gzip transfer encoding be supported. See here for some small examples: html-bomb/examples. Unless stated otherwise, we define vulnerable to mean that the application may end up in an out-of-memory, out-of-disk-space, or CPU overload state during the decompression of untrusted content.
The columns ZIP, GZIP, BZIP2, GIF and PNG give the possible impact of a bomb of that type on the product.

| Vendor | Product, Version, OS | Compression usage | ZIP | GZIP | BZIP2 | GIF | PNG | Information |
|---|---|---|---|---|---|---|---|---|
| OpenOffice.org | OpenOffice.org 1.1.0/Windows | Storage file is a ZIP, containing documents, styles, pictures... | vulnerable (1) | n.a. | n.a. | safe, but heavy load during decompression (100M) | safe, but heavy load during decompression (1G) | |
| The GIMP | The GIMP for Windows 1.2.4 | GIF and PNG related ones | n.a. | n.a. | n.a. | safe (100M) | heavy load, causes an unknown software exception (screenshot) | |
| The GIMP | The GIMP for Linux 1.2.5 | GIF and PNG related ones | n.a. | n.a. | n.a. | safe (100M) | heavy load, causes system overload (2) | |
| The GIMP | The GIMP for Windows 2.0-pre2 | GIF and PNG related ones | n.a. | n.a. | n.a. | safe (100M) | heavy load | |
| Unknown | Unknown SOAP client | gzip'ed XML | n.a. | still untested | n.a. | n.a. | n.a. | Results would be interesting... |
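As an added example (not code from this page or from any of the products listed in the table), here is what the definition of vulnerable given above looks like from the consuming side: inflating untrusted gzip content, and reading members out of a ZIP container such as an office storage file, with a budget enforced on the bytes the inflater actually produces rather than on any size the sender declares. The sample payloads, the member names `meta.xml` and `content.xml`, and the 1 MiB output ceiling and 100:1 ratio limit are all constructed for this demonstration and do not come from the page.

```python
import gzip
import io
import zipfile
import zlib
from typing import List

CHUNK = 64 * 1024  # inflate in 64 KiB steps so the limit trips long before memory runs out


class DecompressionBombError(ValueError):
    """Raised when inflating untrusted data would exceed the configured budget."""


def bounded_inflate(data: bytes, max_output: int, max_ratio: float = 100.0) -> bytes:
    """Inflate a zlib- or gzip-wrapped stream (e.g. a gzip'ed HTTP body), aborting once the
    output exceeds max_output bytes or max_ratio times the compressed size. The cap is
    checked against what the inflater really emits, not against a declared length."""
    inflater = zlib.decompressobj(zlib.MAX_WBITS | 32)  # +32: auto-detect zlib or gzip header
    budget = min(max_output, int(max_ratio * len(data)))
    out = bytearray()
    pending = data
    while not inflater.eof:
        # max_length bounds this chunk; input not yet consumed comes back in
        # unconsumed_tail and is fed in again (possibly empty) on the next round.
        chunk = inflater.decompress(pending, CHUNK)
        pending = inflater.unconsumed_tail
        if not chunk and not pending and not inflater.eof:
            raise zlib.error("truncated or corrupt stream")
        out += chunk
        if len(out) > budget:
            raise DecompressionBombError(
                f"output exceeded {budget} bytes from {len(data)} compressed bytes")
    return bytes(out)


def classify(data: bytes, max_output: int = 1 << 20, max_ratio: float = 100.0) -> str:
    """'ok', 'bomb' or 'corrupt': the three outcomes a consumer of untrusted input must handle."""
    try:
        bounded_inflate(data, max_output, max_ratio)
    except DecompressionBombError:
        return "bomb"
    except zlib.error:
        return "corrupt"
    return "ok"


def suspicious_zip_members(archive: bytes, max_ratio: float = 100.0) -> List[str]:
    """Cheap first pass over a ZIP container: members whose central-directory sizes already
    claim a ratio above max_ratio. Those sizes were written by whoever built the archive,
    so a clean result here proves nothing; extraction itself must still be bounded."""
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        return [info.filename for info in zf.infolist()
                if info.compress_size and info.file_size / info.compress_size > max_ratio]


def bounded_zip_read(archive: bytes, member: str, max_output: int) -> bytes:
    """Stream one member out, stopping as soon as more than max_output bytes have appeared,
    whatever the central directory claimed the member's size was."""
    out = bytearray()
    with zipfile.ZipFile(io.BytesIO(archive)) as zf, zf.open(member) as f:
        while chunk := f.read(CHUNK):
            out += chunk
            if len(out) > max_output:
                raise DecompressionBombError(f"{member!r} exceeded {max_output} bytes")
    return bytes(out)


def zip_member_status(archive: bytes, member: str, max_output: int = 1 << 20) -> str:
    try:
        bounded_zip_read(archive, member, max_output)
    except DecompressionBombError:
        return "bomb"
    return "ok"


# Constructed sample inputs (not from the page). LEGIT is a small ordinary document; the
# bomb payloads are runs of zero bytes, which deflate shrinks by roughly 1000:1.
LEGIT = b"<p>Decompression bombs exhaust memory, disk or CPU while being inflated.</p>\n" * 40
LEGIT_GZ = gzip.compress(LEGIT)
BOMB_ZLIB = zlib.compress(b"\0" * (8 << 20), 9)


def build_archive() -> bytes:
    """A ZIP container with one ordinary member and one that inflates to 4 MiB."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("meta.xml", LEGIT)
        zf.writestr("content.xml", b"\0" * (4 << 20))
    return buf.getvalue()


ARCHIVE = build_archive()

if __name__ == "__main__":
    print("gzip'ed document:", classify(LEGIT_GZ))       # ok
    print("8 MiB of zeros:", classify(BOMB_ZLIB))        # bomb
    print("flagged members:", suspicious_zip_members(ARCHIVE))  # ['content.xml']
    print("content.xml:", zip_member_status(ARCHIVE, "content.xml"))  # bomb
```

The ratio bound is derived from the total compressed size, so a very small but highly repetitive legitimate file can trip it; the absolute ceiling is the one to rely on and the ratio should be tuned to the content type (an office document rarely exceeds a few tens to one). The central-directory scan is only advisory for the same reason the page's table exists: what matters is the load that actually arises while inflating, and that is what `bounded_inflate` and `bounded_zip_read` measure.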