Validate image dimensions to prevent image bombs

takeaway 2 connections

Validating only file size is insufficient: an attacker can craft an image that is tiny on disk but huge in pixels (an 'image bomb'), crashing the image processor when it decodes. Always validate dimensions in addition to file size, and apply that check conditionally on the MIME type being an image.
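An added example (not part of this graph node) of the recommendation above: the MIME type is sniffed from magic bytes, and the declared width and height are read from the PNG or JPEG header alone, so an image bomb is rejected before any pixel is decoded. The byte and pixel budgets, the function names and the sample headers are constructed for illustration.

```python
import struct

def sniff_mime(data: bytes) -> str:
    """Detect the type from magic bytes; never trust a client-declared Content-Type."""
    if data.startswith(b"\x89PNG\r\n\x1a\n"):
        return "image/png"
    if data.startswith(b"\xff\xd8\xff"):
        return "image/jpeg"
    return "application/octet-stream"

def read_dimensions(data: bytes, mime: str):
    """Return (width, height) from the header alone, without decoding any pixels."""
    if mime == "image/png":
        # Signature (8) + IHDR length (4) + "IHDR" (4), then big-endian width and height
        if len(data) < 24 or data[12:16] != b"IHDR":
            raise ValueError("malformed PNG header")
        return struct.unpack(">II", data[16:24])
    if mime == "image/jpeg":
        # Walk marker segments to the first SOFn frame header, which stores height then width
        i = 2
        while i + 9 <= len(data) and data[i] == 0xFF:
            marker, seg_len = data[i + 1], struct.unpack(">H", data[i + 2:i + 4])[0]
            if 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC):
                height, width = struct.unpack(">HH", data[i + 5:i + 9])
                return width, height
            i += 2 + seg_len
        raise ValueError("no JPEG frame header found")
    raise ValueError("not an image")

def validate_upload(data: bytes, max_bytes: int = 1_000_000, max_pixels: int = 25_000_000) -> str:
    """Byte-size check first; the dimension check applies only when the content is an image."""
    if len(data) > max_bytes:
        return "reject: file too large"
    mime = sniff_mime(data)
    if not mime.startswith("image/"):
        return "accept: non-image, dimension check not applicable"
    try:
        width, height = read_dimensions(data, mime)
    except ValueError as exc:
        return f"reject: {exc}"
    if width * height > max_pixels:
        return f"reject: {width}x{height} exceeds pixel budget"
    return f"accept: {mime} {width}x{height}"

# Constructed samples: a PNG signature + IHDR claiming 100000 x 100000 pixels in 33 bytes (image bomb),
# and a JPEG SOI + minimal SOF0 header describing a 640 x 480 image.
BOMB_PNG = (b"\x89PNG\r\n\x1a\n" + struct.pack(">I", 13) + b"IHDR"
            + struct.pack(">IIBBBBB", 100_000, 100_000, 8, 6, 0, 0, 0) + b"\0\0\0\0")
SMALL_JPEG = b"\xff\xd8\xff\xc0" + struct.pack(">HBHH", 17, 8, 480, 640) + b"\0" * 12
```

The 33-byte bomb passes any file-size check but fails the pixel budget; a real decoder would have tried to allocate a 100000 x 100000 buffer for it.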

type: recommendation

Connections of takeaway "Validate image dimensions to prevent image bombs":
- about: Image bomb concept. Explicitly addresses the image-bomb attack.
- from_talk: Recommendation from the validation section.

Provenance