Abstract: The purpose of this document is to provide guidance for the development of a sanitization and analysis software tool for the Bitmap (BMP) images as defined in the Microsoft Developer Network Bitmap Reference. It provides inspection and analysis on various elements that are contained within the BMP file structure and how they can be a cause for concern for either hiding sensitive data or attempts to exploit a system. This document provides an analysis of features in BMP and recommendations to mitigate these threats to provide a safer file. Although this report does not mention vulnerabilities related to a specific image editor, many were used in the analysis of the BMP file format. Numerous Common Vulnerabilities and Exposures (CVE)s have registered for BMP related vulnerabilities in applications.
Date Published: 01 March 2012
Last Reviewed: 11 December 2017
Dissemination Control: N/A
Length: 43 page(s)