CVE-2020-8175 PoC — jpeg-js resource management error vulnerability

Source
Associated Vulnerability
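Title: jpeg-js resource management error vulnerability (CVE-2020-8175)
Description: jpeg-js is a JavaScript-based image processing program. A resource management error vulnerability exists in jpeg-js versions before 0.4.0. An attacker can use a specially crafted JPEG image to exploit it and cause a denial of service.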
Description
An updated version of get-pixels that patches the CVE-2020-8175 security issue.
Readme
#### This is an updated version of [get-pixels](https://github.com/scijs/get-pixels) which patches the [CVE-2020-8175](https://github.com/advisories/GHSA-w7q9-p3jq-fmhm) security issue. At the time of creation, every file is the same as the ones from the original repository, excluding the package.json.

# get-pixels-updated
##### The following is from the [get-pixels](https://github.com/scijs/get-pixels) GitHub page. As mentioned before, this repository has no breaking changes and is nearly the exact same as the original repository.

Given a URL/path, grab all the pixels in an image and return the result as an [ndarray](https://github.com/mikolalysenko/ndarray).  Written in 100% JavaScript, works both in browserify and in node.js and has no external native dependencies.

Currently the following file formats are supported:

* `PNG`
* `JPEG`
* `GIF`

Example
=======

```javascript
var getPixels = require("get-pixels-updated")

getPixels("lena.png", function(err, pixels) {
  if(err) {
    console.log("Bad image path")
    return
  }
  console.log("got pixels", pixels.shape.slice())
})
```

Install
=======

    npm install get-pixels-updated

### `require("get-pixels-updated")(url[, type], cb(err, pixels))`
Reads all the pixels from url into an ndarray.

* `url` is the path to the file.  It can be a relative path, an http url, a data url, or an [in-memory Buffer](http://nodejs.org/api/buffer.html).
* `type` is an optional mime type for the image (required when using a Buffer)
* `cb(err, pixels)` is a callback which gets triggered once the image is loaded.

**Returns** An ndarray of pixels in raster order having shape equal to `[width, height, channels]`.

**Note** For animated GIFs, a 4D array is returned with shape `[numFrames, width, height, 4]`, where each frame is a slice of the final array.

Credits
=======
Original code from [get-pixels](https://github.com/scijs/get-pixels), updated by [sysollie](https://github.com/sysollie) to fix the [CVE-2020-8175](https://github.com/advisories/GHSA-w7q9-p3jq-fmhm) security issue. Code used and relicensed under and in accordance with the MIT license ([original](https://github.com/scijs/get-pixels/blob/master/LICENSE) | [new](https://github.com/sysollie/get-pixels-updated/blob/main/LICENSE)).
File Snapshot

    [4.0K] /data/pocs/efc62d394f7ed4e6e69ff0307371b1b59b46d663
    ├── [3.2K] dom-pixels.js
    ├── [1.3K] LICENSE
    ├── [4.3K] node-pixels.js
    ├── [1.3K] package.json
    ├── [2.2K] README.md
    └── [4.0K] test
        ├── [463K] lena.png
        ├── [6.0K] test.js
        ├── [ 326] test_pattern.bmp
        ├── [  88] test_pattern.gif
        ├── [4.1K] test_pattern.jpg
        ├── [ 183] test_pattern.png
        └── [1.5K] test_pattern.ppm

    1 directory, 12 files