• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Google and Mozilla Push for AV1 Image Format Adoption, Beats JPEG and HEIC

bug

Joined
May 22, 2015
Messages
13,837 (3.95/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
Oops Sorry you need to brush up on a few things
if image is loaded or Data into a Browser then the Browser runs the data
Or Do You Dispute that this can Happen ?
Remember the Crypto Coin Mining Browser Contraversity currently Circulating
When a browser loads an image, it will never, under any circumstances need to execute that part of the memory. It knows it's data, therefore it does not need to be executed. It's why we have languages like Rust and DEP at a hardware level: to make sure data memory regions are not "executed".

And let's leave mining out of this, it really has nothing to do with the subject.
There a lot of way to to run an code from within a a file that has the signature of an image (or pretty much everything else) by exploiting the vulnerabilities of the software used to view them. One of the most basic methods is screwing with buffers and overwriting data at locations in memory that are marked as being executable. That's how code gets to "run by itself by simply loading it into memory" , it ain't that complicated.

View attachment 96277

Thank you, this is what I've been saying from the start: it's the decoders that should be under scrutiny here, not the image format itself.
 
Joined
Dec 6, 2005
Messages
10,885 (1.57/day)
Location
Manchester, NH
System Name Senile
Processor I7-4790K@4.8 GHz 24/7
Motherboard MSI Z97-G45 Gaming
Cooling Be Quiet Pure Rock Air
Memory 16GB 4x4 G.Skill CAS9 2133 Sniper
Video Card(s) GIGABYTE Vega 64
Storage Samsung EVO 500GB / 8 Different WDs / QNAP TS-253 8GB NAS with 2x10Tb WD Blue
Display(s) 34" LG 34CB88-P 21:9 Curved UltraWide QHD (3440*1440) *FREE_SYNC*
Case Rosewill
Audio Device(s) Onboard + HD HDMI
Power Supply Corsair HX750
Mouse Logitech G5
Keyboard Corsair Strafe RGB & G610 Orion Red
Software Win 10
PNG is more the newer GIF and JPEG 2000 was too complex and had patent issues.

That does remind me of the patent issues with GIF files. Compuserve owned the rights to GIF, and if you inadvertently stuck a GIF into commercial software, there was a chance they'd come knocking at your door for license $. The patents have long expired on GIF at least, about 10 years ago. For pictures with not too many colors, like windows dialogs and icons, it was a very efficient compression format, certainly compared with .BMP and as far as I know, GIF was lossless.

JPEG is extremely lossy, but flexible and pretty efficient. I'm curious how this compares.
 
Joined
Sep 3, 2017
Messages
239 (0.09/day)
Location
Russia
Processor FX 8320 @4.2 | i7 2600 @3.8 | Xeon W3670 @ 3.6
Motherboard Asus Sabertooth R2.0 | Asus P8Z77-V Deluxe | Gigabyte X58-UD7
Cooling Zalman Performa 10+ | Zalman Performa 11+ | Zalman Performa 10+
Memory Crucial Ballistix Sport XT 32GB @ 1866 | Corsair Vengeance 32GB @1866 | Samsung 24GB @ 1600
Video Card(s) XFX Radeon 390x | Zotac GTX 1070 AMP Extreme | Zotac GTX 980 AMP Extreme
Storage Intel SSD / SAS 15k Fujitsu | Intel SSD / Velociraptors / Hitachi 2TB | Intel SSD / Samsung 1TB
Display(s) Samsung 245T | HP ZR30w | IBM 20" 4x3
Case Chieftec | Corsair Graphite 600T | Thermaltake Xaser IV
Audio Device(s) SB Titanium HD | SB Titanium HD | SB X-fi Elite Pro
Power Supply Thermaltake 875W | Corsair 850W | Thermaltake 1500W
Mouse Logitech | Logitech | Logitech
Keyboard Mitsumi Classic | Microsoft |Microsoft
Software W7 x64 | W7 x64 |W7 x64 / XP x32
Sure, old inefficient JPG is our main problem!

Download current page (save complete to your disk), according to my word processor main article + some comments = 15600 symbols and spaces, ok Unicode is double byte and add little extra html and we got 71 kilobytes. Now lets see to supplemental folder for our nice HTML: 52k of images and 939k of CSS/JS/BS... 1 Mbyte per 20 paragraphs of text and 5 simple ad pictures.

And youtube...

Sure JPG is old and consumes so much traffic...
 
Last edited:
Joined
Mar 26, 2006
Messages
517 (0.08/day)
Location
Stamford, UK
System Name The Money Sink
Processor Intel i7-5960X at 4.60Ghz
Motherboard MSI X99A Godlike
Cooling Custom watercooling loop, single D5 -> CPU, dual D5 -> GPU's
Memory 64GB DDR4-3000
Video Card(s) 2 x 1080Ti @ Stock for the moment (40oC LOAD)
Storage 960GB Mushkin Scorpion Deluxe and 2 x 512GB M.2 SSD RAID0
Display(s) Dual Curved LG 34" Display
Power Supply EVGA 1600W G2
Software Windows 10
Benchmark Scores ALOT
^^ this guy speaks the truth!
 

bug

Joined
May 22, 2015
Messages
13,837 (3.95/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
Joined
Mar 6, 2017
Messages
3,358 (1.18/day)
Location
North East Ohio, USA
System Name My Ryzen 7 7700X Super Computer
Processor AMD Ryzen 7 7700X
Motherboard Gigabyte B650 Aorus Elite AX
Cooling DeepCool AK620 with Arctic Silver 5
Memory 2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s) XFX AMD Radeon RX 7900 GRE
Storage Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s) Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case Lian Li LANCOOL II MESH C
Audio Device(s) On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply MSI A850GF
Mouse Logitech M705
Keyboard Steelseries
Software Windows 11 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
When a browser loads an image, it will never, under any circumstances need to execute that part of the memory. It knows it's data, therefore it does not need to be executed. It's why we have languages like Rust and DEP at a hardware level: to make sure data memory regions are not "executed".
Yes but a lot of stuff is still written in old C/C++ in which if you mess up you tend to mess up quite badly. All it takes is someone to not put in proper bounds checking code and oops, malicious code is spilled out and onto the stack and before you can say "Oh crap" your system is p0wned.
 

bug

Joined
May 22, 2015
Messages
13,837 (3.95/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
Yes but a lot of stuff is still written in old C/C++ in which if you mess up you tend to mess up quite badly. All it takes is someone to not put in proper bounds checking code and oops, malicious code is spilled out and onto the stack and before you can say "Oh crap" your system is p0wned.
Again, it's in the code, not in the image.
If you people can't tell the difference, I give up. Because I just don't know how to explain it any better.

Edit: Usually if you do not "put in proper bounds checking code" your program will simply segfault and crash. It takes a highly skilled/calculated overflow to provoke an intentional execution outside your designated address space.
 
Joined
Mar 6, 2017
Messages
3,358 (1.18/day)
Location
North East Ohio, USA
System Name My Ryzen 7 7700X Super Computer
Processor AMD Ryzen 7 7700X
Motherboard Gigabyte B650 Aorus Elite AX
Cooling DeepCool AK620 with Arctic Silver 5
Memory 2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s) XFX AMD Radeon RX 7900 GRE
Storage Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s) Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case Lian Li LANCOOL II MESH C
Audio Device(s) On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply MSI A850GF
Mouse Logitech M705
Keyboard Steelseries
Software Windows 11 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
That depends upon what you consider an "image". Do you consider an image just the picture data payload or the picture data payload and the metadata that goes along with it? If someone were to put some data into the metadata portion of the image and include malicious code as part of the metadata and the parser of said metadata had an exploit in which it wasn't checking the bounds properly and thus blindly shoved that data into a buffer without checking the length of it then yes, you can exploit it.
 

bug

Joined
May 22, 2015
Messages
13,837 (3.95/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
I'm just going to say you're just being stubborn. Because I refuse to believe you're that dumb.

The image may contain the code to remove all the internet from existence; it doesn't matter. The image cannot execute that code. There needs to be another party that points to that code and commands its execution.
 
Joined
Mar 6, 2017
Messages
3,358 (1.18/day)
Location
North East Ohio, USA
System Name My Ryzen 7 7700X Super Computer
Processor AMD Ryzen 7 7700X
Motherboard Gigabyte B650 Aorus Elite AX
Cooling DeepCool AK620 with Arctic Silver 5
Memory 2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s) XFX AMD Radeon RX 7900 GRE
Storage Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s) Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case Lian Li LANCOOL II MESH C
Audio Device(s) On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply MSI A850GF
Mouse Logitech M705
Keyboard Steelseries
Software Windows 11 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
Well then tell me why taking Internet Explorer onto the modern Internet is like walking into a less than desirable brothel and walking out with a bunch of STDs? Because all it takes is something to exploit the image rendering engine and boom, you're done son. Internet Explorer has tons of these exploits. You should read some of the security write-ups on Internet Explorer, you'd never sleep at night. The same goes for Google Chrome which at least the thing is sandboxed so if it were exploited at least the damage is contained.
 
Joined
Aug 20, 2007
Messages
21,531 (3.40/day)
System Name Pioneer
Processor Ryzen R9 9950X
Motherboard GIGABYTE Aorus Elite X670 AX
Cooling Noctua NH-D15 + A whole lotta Sunon and Corsair Maglev blower fans...
Memory 64GB (4x 16GB) G.Skill Flare X5 @ DDR5-6000 CL30
Video Card(s) XFX RX 7900 XTX Speedster Merc 310
Storage Intel 905p Optane 960GB boot, +2x Crucial P5 Plus 2TB PCIe 4.0 NVMe SSDs
Display(s) 55" LG 55" B9 OLED 4K Display
Case Thermaltake Core X31
Audio Device(s) TOSLINK->Schiit Modi MB->Asgard 2 DAC Amp->AKG Pro K712 Headphones or HDMI->B9 OLED
Power Supply FSP Hydro Ti Pro 850W
Mouse Logitech G305 Lightspeed Wireless
Keyboard WASD Code v3 with Cherry Green keyswitches + PBT DS keycaps
Software Gentoo Linux x64 / Windows 11 Enterprise IoT 2024
Jesus Christ , an image loaded into memory can contain without doubt code which can then execute on it's own. Just like pretty much everything else.

No, code doesn't just execute on it's own, especially not data formats.

Bug is right. There was an exploit in the XP image handler (and it was REALLY misdesigned) way back when but there has not been one in a very very long time since.

PS: I'm actually a programmer.

Well then tell me why taking Internet Explorer onto the modern Internet is like walking into a less than desirable brothel and walking out with a bunch of STDs?

Nothing to do with the image handler, I assure you. Everything to do with it's millions of ways it can be exploited due to be an insecure browser (think javascript).
 

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"
Joined
Mar 17, 2005
Messages
9,107 (1.26/day)
Location
Dorset where else eh? >>> Thats ENGLAND<<<
No one has really said the potential image payload will run itself just that the image can contain an additional data payload and that can have nasty consequence's
 
Joined
Mar 6, 2017
Messages
3,358 (1.18/day)
Location
North East Ohio, USA
System Name My Ryzen 7 7700X Super Computer
Processor AMD Ryzen 7 7700X
Motherboard Gigabyte B650 Aorus Elite AX
Cooling DeepCool AK620 with Arctic Silver 5
Memory 2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s) XFX AMD Radeon RX 7900 GRE
Storage Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s) Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case Lian Li LANCOOL II MESH C
Audio Device(s) On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply MSI A850GF
Mouse Logitech M705
Keyboard Steelseries
Software Windows 11 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
There was an exploit in the XP image handler (and it was REALLY misdesigned) way back when but there has not been one in a very very long time since.
Ah yes, the old Windows Metafile (WMF) Image exploit. Who could forget that badly designed format? It was an exploit just waiting to happen.
 

bug

Joined
May 22, 2015
Messages
13,837 (3.95/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
Well then tell me why taking Internet Explorer onto the modern Internet is like walking into a less than desirable brothel and walking out with a bunch of STDs? Because all it takes is something to exploit the image rendering engine and boom, you're done son. Internet Explorer has tons of these exploits. You should read some of the security write-ups on Internet Explorer, you'd never sleep at night. The same goes for Google Chrome which at least the thing is sandboxed so if it were exploited at least the damage is contained.
Because IE itself is full of holes and used to be rooted into the Windows kernel. Find a way to execute random code in IE and chances are you don't need elevated privileges, you're already an admin.
Yet again, nothing to do with image formats.

Edit: @dorsetknob instead of liking @trparky 's every post just because he agrees with you, do yourself a favor and read about these things. I guarantee it won't be time wasted.
 

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"
Joined
Mar 17, 2005
Messages
9,107 (1.26/day)
Location
Dorset where else eh? >>> Thats ENGLAND<<<
You fail to acknowledge that image files have in the past have been used as an attack vector. this is a
new image file format and there does exist the potential for malicious payload to be embedded.
Someone or some Agency is or will consider exploring that potential. ( its not unfounded Speculation But unfortunatly a reasonable Expectation)
Who knows (probably the 5 eyes and friends) what exploits are out there in various O/S waiting for hidden payload(s) to exploit

And finally A Sarcastic thanks for suggesting how my like/thanks should be Post awarded
 
Last edited:
Joined
Mar 6, 2017
Messages
3,358 (1.18/day)
Location
North East Ohio, USA
System Name My Ryzen 7 7700X Super Computer
Processor AMD Ryzen 7 7700X
Motherboard Gigabyte B650 Aorus Elite AX
Cooling DeepCool AK620 with Arctic Silver 5
Memory 2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s) XFX AMD Radeon RX 7900 GRE
Storage Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s) Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case Lian Li LANCOOL II MESH C
Audio Device(s) On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply MSI A850GF
Mouse Logitech M705
Keyboard Steelseries
Software Windows 11 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3

dorsetknob

"YOUR RMA REQUEST IS CON-REFUSED"
Joined
Mar 17, 2005
Messages
9,107 (1.26/day)
Location
Dorset where else eh? >>> Thats ENGLAND<<<
Need I go on? Those are all exploits that can get you just by opening a seemingly innocent image file.
And i will just chuck this in here
Apple O/S Attack Vector just found
Other noteworthy bugs include CVE-2018-4094, a bug in both Sierra and High Sierra discovered by five researchers at Yonsei University in Seoul, South Korea. The memory corruption bug allows remote code execution attacks simply by processing a maliciously crafted audio file.

What's that sound? Oh yeah... that's the sound of me p0wning you.
:roll::roll::roll:o_O
 

Aquinus

Resident Wat-man
Joined
Jan 28, 2012
Messages
13,171 (2.80/day)
Location
Concord, NH, USA
System Name Apollo
Processor Intel Core i9 9880H
Motherboard Some proprietary Apple thing.
Memory 64GB DDR4-2667
Video Card(s) AMD Radeon Pro 5600M, 8GB HBM2
Storage 1TB Apple NVMe, 4TB External
Display(s) Laptop @ 3072x1920 + 2x LG 5k Ultrafine TB3 displays
Case MacBook Pro (16", 2019)
Audio Device(s) AirPods Pro, Sennheiser HD 380s w/ FIIO Alpen 2, or Logitech 2.1 Speakers
Power Supply 96w Power Adapter
Mouse Logitech MX Master 3
Keyboard Logitech G915, GL Clicky
Software MacOS 12.1
Jesus christ. You didn't pwn anyone. You proved exactly what was said earlier: It depends on the implementation of the image handler.
Thank you, this is what I've been saying from the start: it's the decoders that should be under scrutiny here, not the image format itself.

Image formats aren't inherently dangerous but, an application not ensuring that the image is actually legit is the problem. It's not a problem with the file format. It's a problem with how the handler (in that case mind you,) processes the image. Blaming image formats for being a target for remote code injection is about as stupid as blaming SQL because applications can't sanitize inputs to prevent SQL injection. Sure, shame on the developer for not catching it but, it has nothing to do with the image formats.

Any poorly written decoder, regardless of data being provided, can be a security hole... and honestly, if you're using something like ImageMagick, you would be getting exactly what you deserve because, it's trash. :)
 
  • Like
Reactions: bug

bug

Joined
May 22, 2015
Messages
13,837 (3.95/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
Jesus christ. You didn't pwn anyone. You proved exactly what was said earlier: It depends on the implementation of the image handler.


Image formats aren't inherently dangerous but, an application not ensuring that the image is actually legit is the problem. It's not a problem with the file format. It's a problem with how the handler (in that case mind you,) processes the image. Blaming image formats for being a target for remote code injection is about as stupid as blaming SQL because applications can't sanitize inputs to prevent SQL injection. Sure, shame on the developer for not catching it but, it has nothing to do with the image formats.

Any poorly written decoder, regardless of data being provided, can be a security hole... and honestly, if you're using something like ImageMagick, you would be getting exactly what you deserve because, it's trash. :)
Thanks. I was beginning to wonder if English not being my mother tongue is the problem here.
 

Aquinus

Resident Wat-man
Joined
Jan 28, 2012
Messages
13,171 (2.80/day)
Location
Concord, NH, USA
System Name Apollo
Processor Intel Core i9 9880H
Motherboard Some proprietary Apple thing.
Memory 64GB DDR4-2667
Video Card(s) AMD Radeon Pro 5600M, 8GB HBM2
Storage 1TB Apple NVMe, 4TB External
Display(s) Laptop @ 3072x1920 + 2x LG 5k Ultrafine TB3 displays
Case MacBook Pro (16", 2019)
Audio Device(s) AirPods Pro, Sennheiser HD 380s w/ FIIO Alpen 2, or Logitech 2.1 Speakers
Power Supply 96w Power Adapter
Mouse Logitech MX Master 3
Keyboard Logitech G915, GL Clicky
Software MacOS 12.1
Thanks. I was beginning to wonder if English not being my mother tongue is the problem here.
People seem to not understand the difference between a data format and a tool that reads said data format. I don't think this is a language barrier but, rather a misunderstanding of what is responsible for what. Data formats really can't be dangerous, it's how they're used that can be. If a tool doesn't want to do proper validation and sanitation, that's on them.
 
Joined
Mar 6, 2017
Messages
3,358 (1.18/day)
Location
North East Ohio, USA
System Name My Ryzen 7 7700X Super Computer
Processor AMD Ryzen 7 7700X
Motherboard Gigabyte B650 Aorus Elite AX
Cooling DeepCool AK620 with Arctic Silver 5
Memory 2x16GB G.Skill Trident Z5 NEO DDR5 EXPO (CL30)
Video Card(s) XFX AMD Radeon RX 7900 GRE
Storage Samsung 980 EVO 1 TB NVMe SSD (System Drive), Samsung 970 EVO 500 GB NVMe SSD (Game Drive)
Display(s) Acer Nitro XV272U (DisplayPort) and Acer Nitro XV270U (DisplayPort)
Case Lian Li LANCOOL II MESH C
Audio Device(s) On-Board Sound / Sony WH-XB910N Bluetooth Headphones
Power Supply MSI A850GF
Mouse Logitech M705
Keyboard Steelseries
Software Windows 11 Pro 64-bit
Benchmark Scores https://valid.x86.fr/liwjs3
Who the heck said that I was talking about the image format itself? Someone is putting words in my mouth and I don't like it!

I am fully aware that there is a difference between the image format the rendering engines that take said image formats and convert them into something us humans can see on our screens. Like, DUH! I'm just pointing out that there have been multiple occasions where someone got something very wrong while parsing said file and it ended up doing something bad. I tend to read the security bulletins when patches are released because, well... just because. Some of them really have sent my palm to my forehead while saying "How the hell did they mess this one up?" to myself.

As for ImageMagick, you do know that ImageMagick is module that is often used on servers combined with PHP to process image uploads. Right? Heck, this site right here probably uses ImageMagick on the backend to resize images. All it would take is someone to upload a malicious image file and the server on which this site is running would be exploited.
 

bug

Joined
May 22, 2015
Messages
13,837 (3.95/day)
Processor Intel i5-12600k
Motherboard Asus H670 TUF
Cooling Arctic Freezer 34
Memory 2x16GB DDR4 3600 G.Skill Ripjaws V
Video Card(s) EVGA GTX 1060 SC
Storage 500GB Samsung 970 EVO, 500GB Samsung 850 EVO, 1TB Crucial MX300 and 2TB Crucial MX500
Display(s) Dell U3219Q + HP ZR24w
Case Raijintek Thetis
Audio Device(s) Audioquest Dragonfly Red :D
Power Supply Seasonic 620W M12
Mouse Logitech G502 Proteus Core
Keyboard G.Skill KM780R
Software Arch Linux + Win10
Security Features ? or will we have to expect sooner or later for this format to be compromised with embedded nastily as Some Current formats "Can BE".
Who the heck said that I was talking about the image format itself? Someone is putting words in my mouth and I don't like it!

In that case, maybe you should read the statement you're backing up more carefully?
 

smillien62

New Member
Joined
Sep 8, 2018
Messages
1 (0.00/day)
I will be happy when ImageMagick and Java ImageIO can handle this new image format av1.
 
Joined
Sep 15, 2011
Messages
6,759 (1.40/day)
Processor Intel® Core™ i7-13700K
Motherboard Gigabyte Z790 Aorus Elite AX
Cooling Noctua NH-D15
Memory 32GB(2x16) DDR5@6600MHz G-Skill Trident Z5
Video Card(s) ZOTAC GAMING GeForce RTX 3080 AMP Holo
Storage 2TB SK Platinum P41 SSD + 4TB SanDisk Ultra SSD + 500GB Samsung 840 EVO SSD
Display(s) Acer Predator X34 3440x1440@100Hz G-Sync
Case NZXT PHANTOM410-BK
Audio Device(s) Creative X-Fi Titanium PCIe
Power Supply Corsair 850W
Mouse Logitech Hero G502 SE
Software Windows 11 Pro - 64bit
Benchmark Scores 30FPS in NFS:Rivals
I love PNG for its looseless quality, but the image size is kinda too big. And the majority of cameras and phones do not support it.
 
Top