Jpegoptim: Initial Project Proposal (#12919)
I am requesting permission to integrate
[jpegoptim](https://github.com/tjko/jpegoptim) into OSS-Fuzz. I believe
that this project is a good candidate for OSS-Fuzz integration as it
serves as a preeminent JPEG compression library used by many prominent
projects such as [NextCloud
Server](https://github.com/nextcloud/server/blob/c28fceb5d511e22030697e549c618699bce7c205/build/image-optimization.sh#L13C1-L17C3),
[ImageOptim](https://github.com/ImageOptim/ImageOptim), and
[Nikola](https://github.com/getnikola/nikola).

For the sake of highlighting the library's importance and the risks
posed by potential vulnerabilities within it, it is beneficial to
consider NextCloud's usage of the library to handle image size
optimization for storing users' data. Some potential risks include image
corruption and loss of customer data and, as a worst-case scenario, the
exploitation of the JPEG parsing to achieve RCE on a
public-network-facing file store.

Please see upstream approval for integration
[here](tjko/jpegoptim#182)

Co-authored-by: Vitor Guidi <vitorguidi@gmail.com>
capuanob and vitorguidi authored Jan 17, 2025
1 parent 3fe9206 commit f482e58
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions projects/jpegoptim/project.yaml
@@ -0,0 +1,6 @@
homepage: "https://www.kokkonen.net/tjko/projects.html"
language: c
primary_contact: "tjko@iki.com"
auto_ccs:
- "capuanobailey@gmail.com"
main_repo: "https://github.com/tjko/jpegoptim.git"
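Review bot: primary_contact is set to "tjko@iki.com"; please confirm that this is exactly the address the maintainer gave in the upstream approval thread (tjko/jpegoptim#182), because crash and vulnerability reports are sent to this address and a mistyped domain would deliver them to no one or to an unrelated party. Separately, the file sets no sanitizers or fuzzing_engines keys, so the project will run with the defaults; if that is intended, a sentence in the commit message saying so would help, otherwise list them explicitly.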
