ERROR:root:error: Image size (329910267 pixels) exceeds limit of 178956970 pixels, could be decompression bomb DOS attack. #42

Closed
opened 2021-04-25 19:58:03 +00:00 by josch · 0 comments

By Paul on 2018-03-20T16:06:27.132Z

In hope of eliminating the well-known 200x200" PDF resolution limitation, I tried out @James R. Barlow's proposed edited code (a8269391e9).
However, there seems to be another restriction, this time within Pillow:

ERROR:root:error: Image size (329910267 pixels) exceeds limit of 178956970 pixels, could be decompression bomb DOS attack.

Any ideas how to overcome this problem?


By josch on 2018-03-20T16:07:50.117Z


Which part of the code is throwing the error? Do you have sample input?


By Paul on 2018-03-20T16:16:00.704Z


Thanks for the fast reply, josch! Since I am not a coder, my technical capabilities are quite limited in this regard. The mentioned error seems to be typical for Pillow according to Google, that is all I can say so far. The sample input is a huge jpg file (about 80MB, 16,333 × 20,199 pixels). You can find the file here: https://commons.wikimedia.org/wiki/File:Ethnic_Map_of_European_Russia_by_Aleksandr_Rittich-1875.jpg

I am using Pillow-5.0.0

Kind regards


By josch on 2018-03-20T16:21:04.959Z


But... it still works, right? It outputs that warning but then everything is good, no?


By Paul on 2018-03-20T16:25:02.930Z


There is an output in terms of a corrupt 0-byte PDF file.


By josch on 2018-03-20T16:27:39.999Z


The Pillow docs say:

> Pillow has previously emitted warnings for images that are unexpectedly large and may be a denial of service. These warnings are now upgraded to DecompressionBombErrors for images that are twice the size of images that trigger the DecompressionBombWarning. The default threshold is 128Mpx, or 0.5GB for an RGB or RGBA image. This can be disabled or changed by setting Image.MAX_IMAGE_PIXELS = None.

So I guess we could put a commandline switch into img2pdf which allows one to disable this check and thus permits images with more than half a gigabyte of pixel data.

Until then, try putting `Image.MAX_IMAGE_PIXELS = None` somewhere into `img2pdf.py`.


By Paul on 2018-03-20T16:29:47.006Z


I will give it a try and let you know.

Btw: Is there a reason why the suggested code by @James R. Barlow (a8269391e9) has not found its way to the master version so far?


By Paul on 2018-03-20T16:37:38.733Z


One more thing: So after editing `img2pdf.py`, I have to compile using `pip3 install .` once again, right?


By Paul on 2018-03-20T17:17:47.217Z


After all no luck by implementing `Image.MAX_IMAGE_PIXELS = None` somewhere into `img2pdf.py`.

macOS Terminal output:

```
Traceback (most recent call last):
  File "/usr/local/bin/img2pdf", line 7, in <module>
    from img2pdf import main
  File "/usr/local/lib/python3.6/site-packages/img2pdf.py", line 21, in <module>
    Image.MAX_IMAGE_PIXELS = 350000000
NameError: name 'Image' is not defined
```

By Paul on 2018-03-20T17:37:07.714Z


Whoho, it seems to work now! After some research, I used the code

```
from PIL import Image

Image.MAX_IMAGE_PIXELS = None
```

It seems to work now! Could you confirm if I did it the right way, 'cause I really don't want to mess with my OS system.

After all, big thanks and big shout out for img2pdf, one of my very very few ESSENTIAL tools. Thanks josch!


By josch on 2018-03-21T07:36:29.972Z


Yes, that's exactly where you should put that line. Just right after the import of the `PIL` module. Glad it works for you now!

Also, you do not need pip if you just want to run img2pdf. It is written in Python, so nothing is getting compiled. You would only use pip if you want to install it on your system but you can also run the program directly from its source by just executing `src/img2pdf.py`.

What makes you think that the code by James R. Barlow didn't make it into the master branch? It is in it.


By josch on 2018-03-24T18:59:07.315Z


Commit e78dd80451 adds the `--pillow-limit-break` option which allows removing the Pillow safeguard via a command line switch. Thus, closing this issue.


By josch on 2018-03-24T18:59:07.467Z


Status changed to closed


By Constance on 2019-05-10T00:38:40.631Z


Sorry if this is not the correct location but is there a way to implement `--pillow-limit-break` when using img2pdf as a module?


By josch on 2019-05-10T01:42:55.265Z


@constdoc Of course! Just set `Image.MAX_IMAGE_PIXELS = None` in your code before you use img2pdf as a module.
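
A pre-flight check for the situation discussed in this thread, as an added example that is not part of the original issue or of img2pdf: it reads the declared size from a JPEG header without decoding any pixels and applies the warn/error tiers from the quoted Pillow docs, so a caller can choose a bounded `Image.MAX_IMAGE_PIXELS` for a known input instead of `None`. The function names and the sample header are constructed here, and the default limit is assumed to be half the 178956970 figure in the error message.

```python
import struct

# Assumption: half of the 178956970 error threshold shown in the issue; the
# quoted Pillow docs say the error fires at twice the warning threshold.
DEFAULT_LIMIT = 178956970 // 2
# JPEG start-of-frame markers: 0xC0..0xCF except DHT, JPG and DAC.
SOF_MARKERS = set(range(0xC0, 0xD0)) - {0xC4, 0xC8, 0xCC}


def jpeg_dimensions(data):
    """Return (width, height) declared in a JPEG header, without decoding."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG (missing SOI marker)")
    pos = 2
    while pos + 9 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt segment header at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:  # fill byte preceding the real marker
            pos += 1
            continue
        (seg_len,) = struct.unpack(">H", data[pos + 2:pos + 4])
        if marker in SOF_MARKERS:
            # SOF payload: precision (1 byte), height (2), width (2), ...
            height, width = struct.unpack(">HH", data[pos + 5:pos + 9])
            return width, height
        pos += 2 + seg_len  # skip marker plus segment body
    raise ValueError("no SOF segment found")


def bomb_verdict(width, height, limit=DEFAULT_LIMIT):
    """Two tiers as in the quoted docs; limit=None means no check at all."""
    if limit is None:
        return "unchecked"
    pixels = width * height
    if pixels > 2 * limit:
        return "error"
    if pixels > limit:
        return "warning"
    return "ok"


# Constructed header: SOI, a JFIF APP0 segment, then SOF0 declaring the
# 16,333 x 20,199 px size of the map from the issue. No pixel data follows.
SAMPLE = (b"\xff\xd8"
          b"\xff\xe0\x00\x10JFIF\x00\x01\x01\x00\x00\x01\x00\x01\x00\x00"
          b"\xff\xc0\x00\x11\x08" + struct.pack(">HH", 20199, 16333)
          + b"\x03\x01\x22\x00\x02\x11\x01\x03\x11\x01")
```

With the default limit the sample is refused, while the 350000000 value from the traceback above admits it and still rejects anything more than twice that size.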

josch closed this issue 2021-04-25 19:58:04 +00:00
Reference: josch/img2pdf#42