Turms AI-Serving Module Image Decompression Bomb Denial-of-Service Vulnerability
Vulnerability
A denial-of-service vulnerability has been identified in the Turms AI-Serving module, specifically in versions through 0.10.0-SNAPSHOT. The issue arises in the ExtendedOpenCVImage class, which loads images using OpenCV's imread() function without proper validation of dimensions or pixel count. This oversight allows an attacker to upload a compressed image file, such as a PNG, that is small when compressed but expands to several gigabytes when decompressed. The vulnerability leads to immediate memory exhaustion, causing an OutOfMemoryError and crashing the service. If the OCR service is publicly accessible, no authentication is required to exploit this vulnerability.
Impact
Exploitation of this vulnerability causes memory exhaustion, leading to a service crash. The AI-Serving module encounters OutOfMemoryErrors, causing it to become unavailable until manually restarted. This issue could also affect other co-located services on the same server. Additionally, the vulnerability allows for an amplification attack, where multiple concurrent requests can completely exhaust system resources.
Reproduction
To reproduce this vulnerability, upload a specially crafted PNG image to the OCR endpoint of the Turms AI-Serving module. The image should be designed to be small when compressed but expand significantly when decompressed, such as a 65535x65535 pixel image, which is the maximum size for PNGs. The server will attempt to load the entire image into memory, resulting in an OutOfMemoryError and crashing the service.
Remediation
Users are advised to enforce strict limits on image dimensions and total pixel count, checked from the file header before the image is decoded with OpenCV's imread(), so that an oversized image is rejected before any pixel buffer is allocated. Additionally, rate limiting on the OCR endpoint and resource monitoring can help detect and mitigate memory exhaustion attacks.
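One way to apply the header-first check described above, written here as an added example rather than code from the Turms project: the PNG IHDR chunk carries the declared width and height, so they can be read and bounded before any decoder is invoked. The limits MAX_DIMENSION and MAX_PIXELS are assumed policy values, and make_png_header() builds constructed test inputs (signature plus IHDR only) so the example runs offline.

```python
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Assumed policy limits for this example, not the project's settings.
# A 65535x65535 image is ~4.3 gigapixels, i.e. >12 GB of decoded RGB data.
MAX_DIMENSION = 8192
MAX_PIXELS = 16_000_000


class ImageRejected(ValueError):
    """Raised when an image must not be passed to the decoder."""


def png_dimensions(data: bytes) -> tuple[int, int]:
    """Read width/height from the IHDR chunk without decoding pixel data.
    IHDR must be the first chunk: 4-byte length, 4-byte type, 13-byte body, 4-byte CRC."""
    if len(data) < 33 or not data.startswith(PNG_SIGNATURE):
        raise ImageRejected("not a PNG file")
    length, ctype = struct.unpack(">I4s", data[8:16])
    if ctype != b"IHDR" or length != 13:
        raise ImageRejected("malformed PNG: IHDR is not the first chunk")
    body = data[16:29]
    crc = struct.unpack(">I", data[29:33])[0]
    if zlib.crc32(b"IHDR" + body) & 0xFFFFFFFF != crc:
        raise ImageRejected("malformed PNG: IHDR CRC mismatch")
    width, height = struct.unpack(">II", body[:8])
    return width, height


def check_png_limits(data: bytes, max_dim=MAX_DIMENSION, max_pixels=MAX_PIXELS):
    """Reject the file unless its declared size is within policy; only then decode."""
    w, h = png_dimensions(data)
    if w == 0 or h == 0 or w > max_dim or h > max_dim:
        raise ImageRejected(f"dimension out of range: {w}x{h}")
    if w * h > max_pixels:
        raise ImageRejected(f"pixel count {w * h} exceeds limit {max_pixels}")
    return w, h


def is_safe_to_decode(data: bytes) -> bool:
    """Gate to place in front of cv2.imdecode()/imread(): True only if limits pass."""
    try:
        check_png_limits(data)
        return True
    except ImageRejected:
        return False


def make_png_header(width: int, height: int) -> bytes:
    """Constructed test input: PNG signature + a valid IHDR chunk, no image data."""
    body = struct.pack(">IIBBBBB", width, height, 8, 6, 0, 0, 0)
    crc = zlib.crc32(b"IHDR" + body) & 0xFFFFFFFF
    return PNG_SIGNATURE + struct.pack(">I", 13) + b"IHDR" + body + struct.pack(">I", crc)
```

The same gate should sit in front of every decoder entry point, and the file size cap alone is not enough, since the bomb's point is that the compressed file is small.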
