Security of uploaded images

Off topic, maybe not a question I should ask here. Is it possible a client could upload a malware-loaded PNG file? What protection does the network have or could have to protect other users who might view these PNG files?

It is most certainly possible.

As far as I know, PNGs are not by themselves dangerous, i.e. they cannot contain code that the client is supposed to run on the viewer's machine. So, any malware in the PNG would most likely take advantage of a vulnerability in the image interpreter. The obvious protection against such malware is to only use software that is actively maintained and keep it up to date with the latest security patches.

Furthermore, once a client is known to upload malicious files, its API key can be revoked to prevent it from uploading any more files.

1 Like
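One check the network could run at upload time, shown as an added example that is not part of the thread or of the project's code: a strict structural validation of each PNG before it is stored or served. The function names, the 16384-pixel limit and the in-memory sample file are assumptions constructed for illustration.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
MAX_DIMENSION = 16384  # assumed policy limit, not a value from the thread

def check_png(data: bytes) -> list[str]:
    """Return structural problems found; an empty list means the file passed."""
    if not data.startswith(PNG_SIGNATURE):
        return ["missing PNG signature"]
    problems, pos, seen_iend, first = [], len(PNG_SIGNATURE), False, True
    while pos < len(data):
        if seen_iend:  # anything after IEND is ignored by viewers: reject it
            problems.append(f"{len(data) - pos} bytes after IEND")
            break
        if pos + 12 > len(data):  # length + type + CRC need 12 bytes
            problems.append("truncated chunk header")
            break
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        end = pos + 8 + length + 4
        if end > len(data):
            problems.append("chunk length exceeds file size")
            break
        body = data[pos + 8:end - 4]
        if zlib.crc32(ctype + body) != struct.unpack(">I", data[end - 4:end])[0]:
            problems.append(f"bad CRC in {ctype!r} chunk")
        if first and ctype != b"IHDR":
            problems.append("first chunk is not IHDR")
        if ctype == b"IHDR":
            if length != 13:
                problems.append("IHDR length is not 13")
            else:
                width, height = struct.unpack(">II", body[:8])
                if not (0 < width <= MAX_DIMENSION and 0 < height <= MAX_DIMENSION):
                    problems.append(f"implausible dimensions {width}x{height}")
        seen_iend, first, pos = ctype == b"IEND", False, end
    else:  # loop ended without an early break
        if not seen_iend:
            problems.append("no IEND chunk")
    return problems

def make_chunk(ctype: bytes, body: bytes) -> bytes:
    """Build one PNG chunk: length, type, body, CRC over type + body."""
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", zlib.crc32(ctype + body))

# Constructed sample: a minimal 1x1 greyscale PNG built in memory.
SAMPLE = (PNG_SIGNATURE
          + make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
          + make_chunk(b"IDAT", zlib.compress(b"\x00\x00"))
          + make_chunk(b"IEND", b""))
```

A check like this rejects malformed or padded files before any image decoder sees them; it complements, and does not replace, keeping the decoder itself patched.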