I want to use ffmpeg
to recreate an image file that is uploaded. I know that in PHP you can use imagecreatefromjpeg
, imagecreatefrompng
and imagejpeg
etc. to recreate images. That way, if there is any hidden malware in the original images, it will 'break' / be mangled.
But I want to use this ffmpeg command to recreate image files:ffmpeg -i in.jpg out.jpg
I have tested converting an image file that has PHP code stored in its EXIF field, and after converting it, the PHP code is no longer executed in the converted file..
Also, the converted file is smaller in size: from 45.9 KB to 11 KB..
Is that a safe way?
EDIT
Btw, I am also checking the MIME type etc, but MIME can be forged, hence recreating image files is recommended.. I want to convert files on another server where there is no PHP installed. That way I can also avoid any potential PHP memory issues.