CVE-2017-2416 Remote code execution triggered by malformed GIF in ImageIO framework, affecting most iOS/macOS apps
https://blog.flanker017.me/cve-2017-2416-gif-remote-exec/ [blog.flanker017.me]
2017-04-12 15:29
What makes things worse is that many clients will automatically reload and reparse the image on open, triggering the vulnerability again and again, leading to an infinite loop and eliminating the need for the attacker to persist.
Sigh.
An attacker can craft an image of negative height and width, thus bypassing the check comparing to file size, leading to the following out-of-bound.
Sigh.
However, they do not have a check on the PNG extension, allowing me to upload the malformed GIF image with a PNG extension, bypassing the check and crashing whoever receives it.
Sigh. Sigh. Sigh.
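The extension bypass quoted above, seen from the upload filter's side, as an added example that is not code from the linked post or from any affected service: a filter keyed on the file extension next to one that classifies the upload by its leading bytes. The function names, the accepted-format table and the `gif_is_acceptable` policy are assumptions made for illustration.

```python
import os
import struct

# Leading magic bytes of the formats this (hypothetical) filter accepts.
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpeg": (b"\xff\xd8\xff",),
}
EXT_TO_FORMAT = {".gif": "gif", ".png": "png", ".jpg": "jpeg", ".jpeg": "jpeg"}

def sniff_format(data):
    """Return the format named by the file's leading bytes, or None."""
    for fmt, signatures in MAGIC.items():
        if data.startswith(signatures):
            return fmt
    return None

def gif_is_acceptable(data):
    """Stand-in GIF policy (assumption): full header, non-zero dimensions."""
    if len(data) < 13:
        return False
    width, height = struct.unpack_from("<HH", data, 6)
    return width > 0 and height > 0

def weak_filter(filename, data):
    """Extension-keyed: only files named *.gif ever reach the GIF check."""
    ext = os.path.splitext(filename)[1].lower()
    if ext == ".gif":
        return gif_is_acceptable(data)
    return True  # a GIF renamed to .png is passed through unchecked

def hardened_filter(filename, data):
    """Content-keyed: sniff the bytes, require them to match the extension."""
    ext = os.path.splitext(filename)[1].lower()
    declared, actual = EXT_TO_FORMAT.get(ext), sniff_format(data)
    if declared is None or actual is None or declared != actual:
        return False
    if actual == "gif":
        return gif_is_acceptable(data)
    return True

# Constructed samples: header bytes only, not real images.
BAD_GIF = b"GIF89a" + struct.pack("<HH", 0, 0) + b"\x00\x00\x00"
GOOD_GIF = b"GIF89a" + struct.pack("<HH", 1, 1) + b"\x00\x00\x00"
GOOD_PNG = b"\x89PNG\r\n\x1a\n" + b"\x00" * 8

if __name__ == "__main__":
    for name, blob in [("a.gif", BAD_GIF), ("a.png", BAD_GIF), ("b.png", GOOD_PNG)]:
        print(name, weak_filter(name, blob), hardened_filter(name, blob))
```

The receiving client's decoder picks its parser from the content, not the name, so a filter has to classify uploads the same way.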