Google and Mozilla Push for AV1 Image Format Adoption, Beats JPEG and HEIC

bug

Joined
May 22, 2015
Messages
7,552 (4.10/day)
Processor Intel i5-6600k (AMD Ryzen5 3600 in a box, waiting for a mobo)
Motherboard ASRock Z170 Extreme7+
Cooling Arctic Cooling Freezer i11
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V (@3200)
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 3TB Seagate
Display(s) HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
Oops Sorry you need to brush up on a few things
if image is loaded or Data into a Browser then the Browser runs the data
Or Do You Dispute that this can Happen ?
Remember the Crypto Coin Mining Browser Controversy currently Circulating
When a browser loads an image, it will never, under any circumstances need to execute that part of the memory. It knows it's data, therefore it does not need to be executed. It's why we have languages like Rust and DEP at a hardware level: to make sure data memory regions are not "executed".

And let's leave mining out of this, it really has nothing to do with the subject.
There are a lot of ways to run code from within a file that has the signature of an image (or pretty much everything else) by exploiting the vulnerabilities of the software used to view them. One of the most basic methods is screwing with buffers and overwriting data at locations in memory that are marked as being executable. That's how code gets to "run by itself by simply loading it into memory", it ain't that complicated.

Thank you, this is what I've been saying from the start: it's the decoders that should be under scrutiny here, not the image format itself.
 
Joined
Dec 6, 2005
Messages
10,770 (2.03/day)
Location
Manchester, NH
System Name Working on it ;)
Processor I7-4790K (Stock speeds right now)
Motherboard MSI Z97 U3 Plus
Cooling Be Quiet Pure Rock Air
Memory 16GB 4x4 G.Skill CAS9 2133 Sniper
Video Card(s) GIGABYTE Vega 64 (Non Reference)
Storage Samsung EVO 500GB / 8 Different WDs / QNAP TS-253 8GB NAS with 2x2Tb WD Black
Display(s) 34" LG 34CB88-P 21:9 Curved UltraWide QHD (3440*1440) *FREE_SYNC*
Case Rosewill Challenger
Audio Device(s) Onboard + HD HDMI
Power Supply Corsair HX750 (love it)
Mouse Logitech G5
Keyboard Corsair Strafe RGB & G610 Orion Red
Software Win 10 upgraded from Win 7 Pro
PNG is more the newer GIF and JPEG 2000 was too complex and had patent issues.
That does remind me of the patent issues with GIF files. Compuserve owned the rights to GIF, and if you inadvertently stuck a GIF into commercial software, there was a chance they'd come knocking at your door for license $. The patents have long expired on GIF at least, about 10 years ago. For pictures with not too many colors, like windows dialogs and icons, it was a very efficient compression format, certainly compared with .BMP and as far as I know, GIF was lossless.

JPEG is extremely lossy, but flexible and pretty efficient. I'm curious how this compares.
 
Joined
Sep 3, 2017
Messages
176 (0.18/day)
Location
Russia
Processor FX 8320 @4.2 | i7 2600 @3.8 | Xeon W3670 @ 3.6
Motherboard Asus Sabertooth R2.0 | Asus P8Z77-V Deluxe | Gigabyte X58-UD7
Cooling Zalman Performa 10+ | Zalman Performa 11+ | Zalman Performa 10+
Memory Crucial Ballistix Sport XT 32GB @ 1866 | Corsair Vengeance 32GB @1866 | Samsung 24GB @ 1600
Video Card(s) XFX Radeon 390x | Zotac GTX 1070 AMP Extreme | Zotac GTX 980 AMP Extreme
Storage Intel SSD / SAS 15k Fujitsu | Intel SSD / Velociraptors / Hitachi 2TB | Intel SSD / Samsung 1TB
Display(s) Samsung 245T | HP ZR30w | IBM 20" 4x3
Case Chieftec | Corsair Graphite 600T | Thermaltake Xaser IV
Audio Device(s) SB Titanium HD | SB Titanium HD | SB X-fi Elite Pro
Power Supply Thermaltake 875W | Corsair 850W | Thermaltake 1500W
Mouse Logitech | Logitech | Logitech
Keyboard Mitsumi Classic | Microsoft |Microsoft
Software W7 x64 | W7 x64 |W7 x64 / XP x32
Sure, old inefficient JPG is our main problem!

Download current page (save complete to your disk), according to my word processor main article + some comments = 15600 symbols and spaces, ok Unicode is double byte and add little extra html and we got 71 kilobytes. Now let's look at the supplemental folder for our nice HTML: 52k of images and 939k of CSS/JS/BS... 1 Mbyte per 20 paragraphs of text and 5 simple ad pictures.

And youtube...

Sure JPG is old and consumes so much traffic...
 
Joined
Mar 26, 2006
Messages
499 (0.10/day)
Location
Stamford, UK
System Name The Money Sink
Processor Intel i7-5960X at 4.60Ghz
Motherboard MSI X99A Godlike
Cooling Custom watercooling loop, single D5 -> CPU, dual D5 -> GPU's
Memory 64GB DDR4-3000
Video Card(s) 2 x 1080Ti @ Stock for the moment (40oC LOAD)
Storage 960GB Mushkin Scorpion Deluxe and 2 x 512GB M.2 SSD RAID0
Display(s) Dual Curved LG 34" Display
Power Supply EVGA 1600W G2
Software Windows 10
Benchmark Scores ALOT
^^ this guy speaks the truth!
 

bug

Joined
May 22, 2015
Messages
7,552 (4.10/day)
Joined
Mar 6, 2017
Messages
1,989 (1.68/day)
Location
North East Ohio, USA
System Name My Super Computer
Processor Intel Core i7 8700K
Motherboard Gigabyte Z370 AORUS Ultra Gaming
Cooling Corsair H55 AIO
Memory 2x8GB Crucial/Micron Ballistix Sport DDR4-2400
Video Card(s) ASUS GeForce GTX1060 6GB
Storage Samsung 970 EVO 500 GB NVMe SSD (System Drive), Samsung 860 EVO 500 GB SATA SSD (Game Drive)
Display(s) HP 2311x and Acer G206HQL
Case CoolerMaster MasterBox Lite 5 RGB
Audio Device(s) On-Board Sound
Power Supply EVGA Supernova 650 G3 Gold
Mouse Logitech M705
Keyboard Logitech Wave K350
Software Windows 10 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
When a browser loads an image, it will never, under any circumstances need to execute that part of the memory. It knows it's data, therefore it does not need to be executed. It's why we have languages like Rust and DEP at a hardware level: to make sure data memory regions are not "executed".
Yes but a lot of stuff is still written in old C/C++ in which if you mess up you tend to mess up quite badly. All it takes is someone to not put in proper bounds checking code and oops, malicious code is spilled out and onto the stack and before you can say "Oh crap" your system is p0wned.
 

bug

Joined
May 22, 2015
Messages
7,552 (4.10/day)
Yes but a lot of stuff is still written in old C/C++ in which if you mess up you tend to mess up quite badly. All it takes is someone to not put in proper bounds checking code and oops, malicious code is spilled out and onto the stack and before you can say "Oh crap" your system is p0wned.
Again, it's in the code, not in the image.
If you people can't tell the difference, I give up. Because I just don't know how to explain it any better.

Edit: Usually if you do not "put in proper bounds checking code" your program will simply segfault and crash. It takes a highly skilled/calculated overflow to provoke an intentional execution outside your designated address space.
 
Joined
Mar 6, 2017
Messages
1,989 (1.68/day)
Location
North East Ohio, USA
That depends upon what you consider an "image". Do you consider an image just the picture data payload or the picture data payload and the metadata that goes along with it? If someone were to put some data into the metadata portion of the image and include malicious code as part of the metadata and the parser of said metadata had an exploit in which it wasn't checking the bounds properly and thus blindly shoved that data into a buffer without checking the length of it then yes, you can exploit it.
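The scenario in the post above, as an added example that is not part of the thread: a metadata walker for a constructed tag/length/value layout (not any real image format), with the unchecked copy shown in a comment beside the bounds-checked version. The tag value, error codes, function name and sample bytes are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout: repeated chunks of [1-byte tag][2-byte big-endian length][payload]. */
#define TAG_COMMENT 0x01

enum { META_NOT_FOUND = -1, META_TRUNCATED = -2, META_TOO_LONG = -3, META_BAD_ARG = -4 };

/* The defect the post describes, for comparison (not compiled):
 *
 *     size_t n = (buf[pos + 1] << 8) | buf[pos + 2];
 *     memcpy(out, buf + pos + 3, n);    // n comes straight from the file
 *
 * n is compared neither to the bytes left in the file (over-read) nor to
 * the size of the destination buffer (overflow).
 */

/* Copies the first comment chunk into out as a NUL-terminated string.
 * Returns the comment length, or a negative META_* code. */
int extract_comment(const uint8_t *buf, size_t len, char *out, size_t out_cap)
{
    size_t pos = 0;

    if (buf == NULL || out == NULL || out_cap == 0)
        return META_BAD_ARG;

    while (pos < len) {
        if (len - pos < 3)              /* chunk header itself is cut short */
            return META_TRUNCATED;

        uint8_t tag = buf[pos];
        size_t n = ((size_t)buf[pos + 1] << 8) | buf[pos + 2];
        pos += 3;

        /* Compare against what is left; "pos + n > len" could wrap around. */
        if (n > len - pos)
            return META_TRUNCATED;      /* length field claims more than the file holds */

        if (tag == TAG_COMMENT) {
            if (n >= out_cap)           /* keep one byte for the terminator */
                return META_TOO_LONG;
            memcpy(out, buf + pos, n);
            out[n] = '\0';
            return (int)n;
        }
        pos += n;                       /* unknown tag: skip its payload */
    }
    return META_NOT_FOUND;
}

/* Constructed inputs. */
static const uint8_t SAMPLE_OK[] = {
    0x02, 0x00, 0x01, 0xAA,             /* unknown chunk, 1 payload byte */
    0x01, 0x00, 0x02, 'h', 'i'          /* comment chunk, "hi" */
};
static const uint8_t SAMPLE_LYING_LEN[] = {
    0x01, 0xFF, 0xFF, 'h', 'i'          /* claims 65535 bytes, carries 2 */
};

int main(void)
{
    char out[16];
    printf("well-formed:  %d\n", extract_comment(SAMPLE_OK, sizeof SAMPLE_OK, out, sizeof out));
    printf("lying length: %d\n",
           extract_comment(SAMPLE_LYING_LEN, sizeof SAMPLE_LYING_LEN, out, sizeof out));
    printf("small buffer: %d\n", extract_comment(SAMPLE_OK, sizeof SAMPLE_OK, out, 2));
    return 0;
}
```

Both checks are needed: the first stops the parser reading past the end of the file, the second stops it writing past the end of its own buffer.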
 

bug

Joined
May 22, 2015
Messages
7,552 (4.10/day)
I'm just going to say you're just being stubborn. Because I refuse to believe you're that dumb.

The image may contain the code to remove all the internet from existence; it doesn't matter. The image cannot execute that code. There needs to be another party that points to that code and commands its execution.
 
Joined
Mar 6, 2017
Messages
1,989 (1.68/day)
Location
North East Ohio, USA
Well then tell me why taking Internet Explorer onto the modern Internet is like walking into a less than desirable brothel and walking out with a bunch of STDs? Because all it takes is something to exploit the image rendering engine and boom, you're done son. Internet Explorer has tons of these exploits. You should read some of the security write-ups on Internet Explorer, you'd never sleep at night. The same goes for Google Chrome which at least the thing is sandboxed so if it were exploited at least the damage is contained.
 
Joined
Aug 20, 2007
Messages
12,977 (2.78/day)
System Name Pioneer
Processor Intel i9 9900k
Motherboard ASRock Z390 Taichi
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory G.SKILL TridentZ Series 32GB (4 x 8GB) DDR4-3200 @ 14-14-14-34-2T
Video Card(s) AMD RX 5700 XT (XFX THICC Ultra III)
Storage Mushkin Pilot-E 2TB NVMe SSD w/ EKWB M.2 Heatsink
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) VGA HDMI->Panasonic SC-HTB20/Schiit Modi MB/Asgard 2 DAC/Amp to AKG Pro K7712 Headphones
Power Supply SeaSonic Prime 750W 80Plus Titanium
Mouse ROCCAT Kone EMP
Keyboard WASD CODE 104-Key w/ Cherry MX Green Keyswitches, Doubleshot Vortex PBT White Transluscent Keycaps
Software Windows 10 Enterprise (yes, it's legit.)
Jesus Christ, an image loaded into memory can contain without doubt code which can then execute on its own. Just like pretty much everything else.
No, code doesn't just execute on its own, especially not data formats.

Bug is right. There was an exploit in the XP image handler (and it was REALLY misdesigned) way back when but there has not been one in a very very long time since.

PS: I'm actually a programmer.

Well then tell me why taking Internet Explorer onto the modern Internet is like walking into a less than desirable brothel and walking out with a bunch of STDs?
Nothing to do with the image handler, I assure you. Everything to do with its millions of ways it can be exploited due to being an insecure browser (think javascript).
 

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"
Joined
Mar 17, 2005
Messages
8,573 (1.54/day)
Location
Dorset where else eh? >>> Thats ENGLAND<<<
No one has really said the potential image payload will run itself, just that the image can contain an additional data payload and that can have nasty consequences
 
Joined
Mar 6, 2017
Messages
1,989 (1.68/day)
Location
North East Ohio, USA
There was an exploit in the XP image handler (and it was REALLY misdesigned) way back when but there has not been one in a very very long time since.
Ah yes, the old Windows Metafile (WMF) Image exploit. Who could forget that badly designed format? It was an exploit just waiting to happen.
 

bug

Joined
May 22, 2015
Messages
7,552 (4.10/day)
Well then tell me why taking Internet Explorer onto the modern Internet is like walking into a less than desirable brothel and walking out with a bunch of STDs? Because all it takes is something to exploit the image rendering engine and boom, you're done son. Internet Explorer has tons of these exploits. You should read some of the security write-ups on Internet Explorer, you'd never sleep at night. The same goes for Google Chrome which at least the thing is sandboxed so if it were exploited at least the damage is contained.
Because IE itself is full of holes and used to be rooted into the Windows kernel. Find a way to execute random code in IE and chances are you don't need elevated privileges, you're already an admin.
Yet again, nothing to do with image formats.

Edit: @dorsetknob instead of liking @trparky 's every post just because he agrees with you, do yourself a favor and read about these things. I guarantee it won't be time wasted.
 

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"
Joined
Mar 17, 2005
Messages
8,573 (1.54/day)
Location
Dorset where else eh? >>> Thats ENGLAND<<<
You fail to acknowledge that image files have in the past been used as an attack vector. This is a new image file format and there does exist the potential for malicious payload to be embedded.
Someone or some Agency is or will consider exploring that potential. (It's not unfounded Speculation But unfortunately a reasonable Expectation)
Who knows (probably the 5 eyes and friends) what exploits are out there in various O/S waiting for hidden payload(s) to exploit

And finally A Sarcastic thanks for suggesting how my like/thanks should be Post awarded
 
Joined
Mar 6, 2017
Messages
1,989 (1.68/day)
Location
North East Ohio, USA

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"
Joined
Mar 17, 2005
Messages
8,573 (1.54/day)
Location
Dorset where else eh? >>> Thats ENGLAND<<<
Need I go on? Those are all exploits that can get you just by opening a seemingly innocent image file.
And I will just chuck this in here
Apple O/S Attack Vector just found
Other noteworthy bugs include CVE-2018-4094, a bug in both Sierra and High Sierra discovered by five researchers at Yonsei University in Seoul, South Korea. The memory corruption bug allows remote code execution attacks simply by processing a maliciously crafted audio file.

What's that sound? Oh yeah... that's the sound of me p0wning you.
:roll::roll::roll:o_O
 

Aquinus

Resident Wat-man
Joined
Jan 28, 2012
Messages
11,688 (3.83/day)
Location
Concord, NH
System Name Kratos
Processor Intel Core i7 3930k @ 4.6Ghz
Motherboard ASUS P9X79 Deluxe
Cooling Corsair H100i V2
Memory G.Skill DDR3-2133, 16gb (4x4gb) @ 9-11-10-28-108-2T 1.65v
Video Card(s) Sapphire AMD Radeon RX Vega 64
Storage 2x120Gb SATA3 SSD Raid-0, 4x1Tb RAID-5, 1x500GB, 1x512GB Samsung 960 Pro NVMe
Display(s) 1x LG 27UD69P (4k)
Case Antec 1200
Audio Device(s) Onboard Realtek® ALC898, FIIO Alpen 2 Headphone DAC + Amp
Power Supply Seasonic 1000-watt 80 PLUS Platinum
Mouse Logitech G602
Keyboard Rosewill RK-9100, Cherry MX Blues with O-rings
Software Ubuntu 20.04 LTS (Stock 5.4.0-33 kernel)
Benchmark Scores Benchmarks aren't everything.
Jesus christ. You didn't pwn anyone. You proved exactly what was said earlier: It depends on the implementation of the image handler.
Thank you, this is what I've been saying from the start: it's the decoders that should be under scrutiny here, not the image format itself.
Image formats aren't inherently dangerous but, an application not ensuring that the image is actually legit is the problem. It's not a problem with the file format. It's a problem with how the handler (in that case mind you,) processes the image. Blaming image formats for being a target for remote code injection is about as stupid as blaming SQL because applications can't sanitize inputs to prevent SQL injection. Sure, shame on the developer for not catching it but, it has nothing to do with the image formats.

Any poorly written decoder, regardless of data being provided, can be a security hole... and honestly, if you're using something like ImageMagick, you would be getting exactly what you deserve because, it's trash. :)
 

bug

Joined
May 22, 2015
Messages
7,552 (4.10/day)
Jesus christ. You didn't pwn anyone. You proved exactly what was said earlier: It depends on the implementation of the image handler.


Image formats aren't inherently dangerous but, an application not ensuring that the image is actually legit is the problem. It's not a problem with the file format. It's a problem with how the handler (in that case mind you,) processes the image. Blaming image formats for being a target for remote code injection is about as stupid as blaming SQL because applications can't sanitize inputs to prevent SQL injection. Sure, shame on the developer for not catching it but, it has nothing to do with the image formats.

Any poorly written decoder, regardless of data being provided, can be a security hole... and honestly, if you're using something like ImageMagick, you would be getting exactly what you deserve because, it's trash. :)
Thanks. I was beginning to wonder if English not being my mother tongue is the problem here.
 

Aquinus

Resident Wat-man
Joined
Jan 28, 2012
Messages
11,688 (3.83/day)
Location
Concord, NH
Thanks. I was beginning to wonder if English not being my mother tongue is the problem here.
People seem to not understand the difference between a data format and a tool that reads said data format. I don't think this is a language barrier but, rather a misunderstanding of what is responsible for what. Data formats really can't be dangerous, it's how they're used that can be. If a tool doesn't want to do proper validation and sanitation, that's on them.
 
Joined
Mar 6, 2017
Messages
1,989 (1.68/day)
Location
North East Ohio, USA
Who the heck said that I was talking about the image format itself? Someone is putting words in my mouth and I don't like it!

I am fully aware that there is a difference between the image format and the rendering engines that take said image formats and convert them into something us humans can see on our screens. Like, DUH! I'm just pointing out that there have been multiple occasions where someone got something very wrong while parsing said file and it ended up doing something bad. I tend to read the security bulletins when patches are released because, well... just because. Some of them really have sent my palm to my forehead while saying "How the hell did they mess this one up?" to myself.

As for ImageMagick, you do know that ImageMagick is a module that is often used on servers combined with PHP to process image uploads. Right? Heck, this site right here probably uses ImageMagick on the backend to resize images. All it would take is someone to upload a malicious image file and the server on which this site is running would be exploited.
 

bug

Joined
May 22, 2015
Messages
7,552 (4.10/day)
Security Features ? or will we have to expect sooner or later for this format to be compromised with embedded nastily as Some Current formats "Can BE".
Who the heck said that I was talking about the image format itself? Someone is putting words in my mouth and I don't like it!
In that case, maybe you should read the statement you're backing up more carefully?
 

smillien62

New Member
Joined
Sep 8, 2018
Messages
1 (0.00/day)
I will be happy when ImageMagick and Java ImageIO can handle this new image format av1.
 
Joined
Sep 15, 2011
Messages
5,389 (1.69/day)
Processor Intel Core i7 3770k @ 4.3GHz
Motherboard Asus P8Z77-V LK
Memory 16GB(2x8) DDR3@2133MHz 1.5v Patriot
Video Card(s) MSI GeForce GTX 1080 GAMING X 8G
Storage 59.63GB Samsung SSD 830 + 465.76 GB Samsung SSD 840 EVO + 2TB Hitachi + 300GB Velociraptor HDD
Display(s) Acer Predator X34 3440x1440@100Hz G-Sync
Case NZXT PHANTOM410-BK
Audio Device(s) Creative X-Fi Titanium PCIe
Power Supply Corsair 850W
Mouse Anker
Software Win 10 Pro - 64bit
Benchmark Scores 30FPS in NFS:Rivals
I love PNG for its lossless quality, but the image size is kinda too big. And the majority of cameras and phones do not support it.
 