The Vulnerability History Project

Lesson: Complex Inputs

Did this vulnerability involve mishandling a complex input? Vulnerabilities with this tag were flagged as an example of a recurring lesson in secure software engineering. Historically, many vulnerabilities have occurred when a program handles a complex input like an expressive language, a deeply nested structure, or an intricate compression algorithm. Embedded fonts, URLs, directory paths, video media, vector graphics, query strings, custom protocols, and raster graphics are just a few examples of deceptively complex inputs that have led to vulnerabilities.

Examples

Beware of complex inputs

Don't just think about code complexity, think about *input* complexity.
