Inspection and Sanitization Guidance for Bitmap File Format

Abstract: The purpose of this document is to provide guidance for the development of a sanitization and analysis software tool for Bitmap (BMP) images as defined in the Microsoft Developer Network Bitmap Reference. It provides inspection and analysis of various elements contained within the BMP file structure and explains how they can be a cause for concern, either for hiding sensitive data or for attempts to exploit a system. This document provides an analysis of features in BMP and recommendations to mitigate these threats in order to produce a safer file. Although this report does not mention vulnerabilities related to a specific image editor, many editors were used in the analysis of the BMP file format. Numerous Common Vulnerabilities and Exposures (CVEs) have been registered for BMP-related vulnerabilities in applications.
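As an added illustration of the header-consistency inspection the abstract describes (example code, not from the NSA document or the Microsoft reference), this Python checker parses the BITMAPFILEHEADER and BITMAPINFOHEADER and flags the mismatches that either leave room for hidden data (non-zero reserved fields, trailing bytes beyond bfSize, slack between palette and pixel array) or invite decoder over-reads (pixel array extending past end of file). Field layouts follow the documented BMP structures; the sample image is constructed inline and only uncompressed 1/4/8/24/32-bpp files with a 40-byte DIB header are handled.

```python
import struct

FILE_HDR = struct.Struct("<2sIHHI")       # BITMAPFILEHEADER: bfType, bfSize, bfReserved1/2, bfOffBits
INFO_HDR = struct.Struct("<IiiHHIIiiII")  # BITMAPINFOHEADER: 40 bytes, 11 fields

def inspect_bmp(data: bytes) -> list[str]:
    """Return a list of findings; an empty list means headers and length agree."""
    findings = []
    if len(data) < FILE_HDR.size + 4 or data[:2] != b"BM":
        return ["not a BMP: missing 'BM' signature or truncated header"]
    _, bf_size, res1, res2, off_bits = FILE_HDR.unpack_from(data, 0)
    if (res1, res2) != (0, 0):
        findings.append("reserved fields are non-zero (possible hidden data)")
    if bf_size != len(data):  # bytes beyond bfSize are ignored by most decoders: a hiding spot
        findings.append(f"bfSize {bf_size} != actual length {len(data)} (trailing or missing data)")
    dib_size = struct.unpack_from("<I", data, FILE_HDR.size)[0]
    if dib_size != INFO_HDR.size:
        findings.append(f"unsupported DIB header size {dib_size}")
        return findings
    (_, width, height, planes, bpp, comp, size_image,
     _, _, clr_used, _) = INFO_HDR.unpack_from(data, FILE_HDR.size)
    if planes != 1 or width <= 0 or height == 0:
        findings.append("implausible planes/width/height")
    if comp != 0 or bpp not in (1, 4, 8, 24, 32):
        findings.append(f"compression {comp} / {bpp} bpp not handled by this checker")
        return findings
    palette_len = 4 * (clr_used or (1 << bpp if bpp <= 8 else 0))
    expected_off = FILE_HDR.size + INFO_HDR.size + palette_len
    if off_bits < expected_off:
        findings.append("bfOffBits points inside the headers")
    elif off_bits > expected_off:  # slack between palette and pixels is never rendered
        findings.append(f"{off_bits - expected_off} unused bytes between palette and pixel array")
    row = ((width * bpp + 31) // 32) * 4   # rows are padded to 4-byte boundaries
    pixels = row * abs(height)
    if size_image not in (0, pixels):
        findings.append(f"biSizeImage {size_image} != computed {pixels}")
    if off_bits + pixels > len(data):
        findings.append("pixel array extends past end of file (truncated; decoder over-read risk)")
    return findings

def make_bmp(width: int, height: int, pixels: bytes, extra: bytes = b"") -> bytes:
    # Constructed sample: 24-bpp, uncompressed, no palette; `extra` is appended after bfSize.
    off = FILE_HDR.size + INFO_HDR.size
    info = INFO_HDR.pack(INFO_HDR.size, width, height, 1, 24, 0, len(pixels), 2835, 2835, 0, 0)
    return FILE_HDR.pack(b"BM", off + len(pixels), 0, 0, off) + info + pixels + extra
```

A sanitizer built on these checks would rewrite the file from the parsed headers and pixel array alone, dropping everything the findings point at.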

Date Published:

Last Reviewed: 11 December 2017

Tags: National Security Agency - NSA; Cyber; Guidance; Exploitation; Vulnerability; Data