Privacy

3507 readers

225 users here now

Welcome! This is a community for all those who are interested in protecting their privacy.

Rules

PS: Don't be a smartass and try to game the system, we'll know if you're breaking the rules when we see it!

Be civil and no prejudice
Don't promote big-tech software
No apathy and defeatism for privacy (i.e. "They already have my data, why bother?")
No reposting of news that was already posted
No crypto, blockchain, NFTs
No Xitter links (if absolutely necessary, use xcancel)

Related communities:

Some of these are only vaguely related, but great communities.

founded 9 months ago

MODERATORS

fxomt@lemmy.dbzer0.com

otter@lemmy.ca

shaytan@lemmy.dbzer0.com

fxomt@piefed.social

Adult sites are stashing exploit code inside racy .svg files (arstechnica.com)

submitted 6 days ago by sabreW4K3@lazysoci.al to c/privacy@lemmy.dbzer0.com

25 comments fedilink hide all child comments

you are viewing a single comment's thread
view the rest of the comments

[–] CeeBee_Eh@lemmy.world 1 points 3 days ago

I don't think you understand how exploits work. We're not talking about "running JS in an image viewer".

https://blog.cloudflare.com/inside-imagetragick-the-real-payloads-being-used-to-hack-websites-2/

https://www.bitdefender.com/en-us/blog/hotforsecurity/openjpeg-vulnerability-allows-execution-of-malicious-code-using-crafted-images

that requires the given parser (the web browser, the image lib, etc) to arbitrarily run code in the first place

At the most base level, every image is data, and any data can theoretically be code. The image's data has to be parsed (like you said) and the parser can be exploited to trigger code execution.