https://bugs.kde.org/show_bug.cgi?id=413801

            Bug ID: 413801
           Summary: There is no protection against huge memory usage
           Product: kio-extras
           Version: unspecified
          Platform: openSUSE RPMs
                OS: Linux
            Status: REPORTED
          Severity: major
          Priority: NOR
         Component: Thumbnails and previews
          Assignee: plasma-b...@kde.org
          Reporter: jtam...@gmail.com
  Target Milestone: ---

SUMMARY
A single malicious file makes the plugin use all available memory until it is
killed by lack of more memory.

STEPS TO REPRODUCE
1. Download and expand the image from
https://www.bamsoftware.com/hacks/deflate.html
in any folder
2. Wait until Dolphin/Konqueror... updates the thumbnail of that image.

OBSERVED RESULT
It is killed by the oom killer.

EXPECTED RESULT
It has some protection against those kinds of files, like
DecompressionBombWarning in
https://pillow.readthedocs.io/en/3.1.x/reference/Image.html

SOFTWARE/OS VERSIONS
KDE Frameworks 5.63.0
Qt 5.13.1 (built against 5.13.1)
The xcb windowing system

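
The kind of protection the report asks for can be shown as a pre-decode check, in the spirit of the Pillow pixel-count warning it cites. This is an added example, not code from kio-extras or from the reporter. It assumes a PNG input, and the names (checkBeforeDecode, readPngSize, makeHeader, kMaxPixels) and the 64 Mi pixel budget are hypothetical.

```cpp
// Added example, not kio-extras code: size check on a PNG header before decoding.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Hypothetical budget chosen for this example: 64 Mi pixels.
constexpr uint64_t kMaxPixels = 64ull * 1024 * 1024;

enum class Verdict { Decode, RejectTooLarge, RejectMalformed };

static uint32_t be32(const uint8_t *p) {
    return (uint32_t(p[0]) << 24) | (uint32_t(p[1]) << 16) |
           (uint32_t(p[2]) << 8) | uint32_t(p[3]);
}

// Reads the declared width and height from IHDR; no image data is inflated.
bool readPngSize(const std::vector<uint8_t> &buf, uint32_t &w, uint32_t &h) {
    static const uint8_t sig[8] = {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A};
    if (buf.size() < 24 || std::memcmp(buf.data(), sig, 8) != 0) return false;
    // Bytes 8..11: chunk length (13 for IHDR); bytes 12..15: chunk type.
    if (be32(&buf[8]) != 13 || std::memcmp(&buf[12], "IHDR", 4) != 0) return false;
    w = be32(&buf[16]);
    h = be32(&buf[20]);
    return w != 0 && h != 0;
}

Verdict checkBeforeDecode(const std::vector<uint8_t> &buf,
                          uint64_t maxPixels = kMaxPixels) {
    uint32_t w = 0, h = 0;
    if (!readPngSize(buf, w, h)) return Verdict::RejectMalformed;
    // Product of two 32-bit values always fits in 64 bits, so no overflow.
    uint64_t pixels = uint64_t(w) * uint64_t(h);
    return pixels > maxPixels ? Verdict::RejectTooLarge : Verdict::Decode;
}

// Constructed sample input: signature plus the start of an IHDR chunk.
std::vector<uint8_t> makeHeader(uint32_t w, uint32_t h) {
    std::vector<uint8_t> b = {0x89, 'P', 'N', 'G', 0x0D, 0x0A, 0x1A, 0x0A,
                              0, 0, 0, 13, 'I', 'H', 'D', 'R'};
    for (uint32_t v : {w, h})
        for (int s = 24; s >= 0; s -= 8) b.push_back(uint8_t(v >> s));
    return b;
}

int main() {
    // Constructed dimensions: a normal photo and an oversized canvas.
    std::printf("%d %d\n", int(checkBeforeDecode(makeHeader(640, 480))),
                int(checkBeforeDecode(makeHeader(225000, 225000))));
    return 0;
}
```

The header fields are attacker-controlled, so this check only rejects files that declare an oversized canvas. The decoder still needs its own cap on how much output it produces.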