Build Status

BombShelter is a module which protects your uploaders from image bombs. It checks pixel dimensions of uploaded image before ImageMagick touches it.

Sponsored by Evil Martians

How it works

BombShelter uses fastimage gem, which reads just a header of an image to get info about it. BombShelter compares pixel dimensions of the uploaded image with maximum allowed ones and raises integrity error if image is too big. Works perfectly with ActiveRecord validators.


Add this line to your application's Gemfile:

gem 'carrierwave-bombshelter'

And then execute:

$ bundle

Or install it yourself as:

$ gem install carrierwave-bombshelter


Just include CarrierWave::BombShelter to your uploader and you're done:

class YourUploader < CarrierWave::Uploader::Base
  include CarrierWave::BombShelter

By default BombShelter sets maximum allowed dimensions to 4096x4096, but you can set your own ones by defining max_pixel_dimensions method:

class YourUploader < CarrierWave::Uploader::Base
  include CarrierWave::BombShelter

  def max_pixel_dimensions
    [1024, 1024]


Bug reports and pull requests are welcome on GitHub at This project is intended to be a safe, welcoming space for collaboration, and contributors are expected to adhere to the Contributor Covenant code of conduct.


The gem is available as open source under the terms of the MIT License.