Unrestricted Upload of File with Dangerous Type in pimcore/pimcore


Reported on

Oct 23rd 2021


I found unrestricted file upload, to force an image parser to allocate a large volume of memory based on the image headers large file in profile picture, 4250x64250 pixels whole image into memory, it tries to allocate 4128062500 pixels into memory, flooding the memory and causing DoS.

Proof of Concept

location parameter profile image https://drive.google.com/file/d/18bXWqNYRNds4s7fSpk6NTdNHGrwvjMTj/view?usp=sharing

lottapixel.jpg attacking https://drive.google.com/file/d/1uDrxBzWLgUNjD2smG0PmrPhOMOFc_lmJ/view?usp=sharing

testcartoon.jpg normal image https://drive.google.com/file/d/1s7KbAb1bQ-ntg8cC5oAu6QwTIB2O7vsO/view?usp=sharing

poc attack https://drive.google.com/file/d/1YF3ctGtPWKCUSIYuuorXGMQimHM4HTsg/view?usp=sharing


As a patch I would just set a maximum amount of pixels an image can have.


This vulnerability is capable allocate a large volume of memory, flooding the memory and causing DoS.

We have contacted a member of the pimcore team and are waiting to hear back 2 years ago
Bernhard Rusch validated this vulnerability 2 years ago
Raptor has been awarded the disclosure bounty
The fix bounty is now up for grabs
Bernhard Rusch marked this as fixed with commit 007cf7 2 years ago
Bernhard Rusch has been awarded the fix bounty
This vulnerability will not receive a CVE
to join this conversation