Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2020-8175 PoC — jpeg-js 资源管理错误漏洞

Source
https://github.com/knokbak/save-pixels-updated
Associated Vulnerability
Title:jpeg-js 资源管理错误漏洞 (CVE-2020-8175)
Description:jpeg-js是一款基于JavaScript的图像处理程序。 jpeg-js 0.4.0之前版本中存在资源管理错误漏洞。攻击者可借助特制的JPEG图像利用该漏洞造成拒绝服务。
Description
An updated version of save-pixels that patches the CVE-2020-8175 security issue.
Readme
#### This is an updated version of [save-pixels](https://github.com/scijs/save-pixels) which patches the [CVE-2020-8175](https://github.com/advisories/GHSA-w7q9-p3jq-fmhm) security issue. At the time of creation, every file is the same as the ones from the original repository, excluding the package.json.

# save-pixels-updated
##### The following is from the [save-pixels](https://github.com/scijs/save-pixels) GitHub page. As mentioned before, this repository has no breaking changes and is nearly the exact same as the original repository.
Saves an ndarray to an image.

Example
=======
```javascript
var zeros = require("zeros")
var savePixels = require("save-pixels-updated")

//Create an image
var x = zeros([32, 32])
x.set(16, 16, 255)

//Save to a file
savePixels(x, "png").pipe(process.stdout)
```

This writes the following image to stdout:

<img src=https://raw.github.com/mikolalysenko/save-pixels/master/example/example.png>

Install
=======

    npm install save-pixels-updated

### `require("save-pixels-updated")(array, type[, options])`
Saves an ndarray as an image with the given format

* `array` is an `ndarray` of pixels.  Assumes that shape is `[width, height, channels]`
* `type` is the type of the image to save.  Currently supported formats:

  + `"jpeg"`, `"jpg"` - Joint Photographic Experts Group format
  + `"gif"` - Graphics Interchange Format
  + `"png"` - Portable Network Graphics format
  + `"canvas"` - A canvas element

* `options` is an object that alters saving behavior

  + `quality` is the `Number` to use for saved image quality

    + This can only be used with a `"jpeg"` image
    + It range between 1 (low quality) and 100 (high quality) inclusively

**Returns** A stream that you can pipe to serialize the result, or a canvas element if the `type` is `"canvas"`.

Credits
=======
Original code from [save-pixels](https://github.com/scijs/save-pixels), updated by [sysollie](https://github.com/sysollie) to fix the [CVE-2020-8175](https://github.com/advisories/GHSA-w7q9-p3jq-fmhm) security issue. Code used and relicensed under and in accordance with the MIT license ([original](https://github.com/scijs/save-pixels/blob/master/LICENSE) | [new](https://github.com/sysollie/save-pixels-updated/blob/main/LICENSE)).
File Snapshot

 [4.0K]  /data/pocs/69327c039a7fc263042307b86e480ec4c834982e
├── [1.3K]  LICENSE
├── [ 948]  package.json
├── [2.2K]  README.md
├── [3.9K]  save-pixels.js
└── [4.0K]  test
    ├── [ 849]  expected.jpeg
    └── [8.3K]  test.js

1 directory, 6 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.