Fix security decompression bombs

pull/27980/head
Webysther Sperandio 2026-04-20 07:43:23 +02:00 committed by GitHub
parent 0eef15a3ab
commit 3aeeff48cd
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 2 additions and 2 deletions


@ -186,7 +186,7 @@ export class MediaRepository {
let pipeline = sharp(input, {
// some invalid images can still be processed by sharp, but we want to fail on them by default to avoid crashes
failOn: options.processInvalidImages ? 'none' : 'error',
limitInputPixels: false,
limitInputPixels: 1000000000,
raw: options.raw,
unlimited: true,
})
@ -313,7 +313,7 @@ export class MediaRepository {
}
async getImageMetadata(input: string | Buffer): Promise<ImageDimensions & { isTransparent: boolean }> {
const { width = 0, height = 0, hasAlpha = false } = await sharp(input).metadata();
const { width = 0, height = 0, hasAlpha = false } = await sharp(input, {limitInputPixels: 1000000000}).metadata();
return { width, height, isTransparent: hasAlpha };
}
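Review bot: `unlimited: true` is still passed next to the new `limitInputPixels: 1000000000` in the first hunk's sharp() options. sharp documents that option as removing the safety features that help prevent memory exhaustion (JPEG, PNG, SVG, HEIF), so the pixel cap alone leaves part of the decompression-bomb exposure in place; either drop it or add a comment stating why it has to stay. The new value is also above sharp's default limit of 268402689 pixels, so in getImageMetadata, where the old call passed no options, the explicit cap loosens the limit rather than tightening it; if that is meant to keep metadata reads in line with the decode path, a comment should say so. The literal is repeated at both call sites, and a shared constant such as `const MAX_INPUT_PIXELS = 1_000_000_000; // upper bound on input width x height` would keep them in step. The function containing the first sharp() call starts and ends outside the hunk.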