Conversation

Notices

1. Embed this notice
   :LiquidBeans: :baba_hera: :LiquidBeans: (alfredohno@0w0.is)'s status on Friday, 29-Sep-2023 04:03:59 JST :LiquidBeans: :baba_hera: :LiquidBeans:

   Perhaps we should consider that the recent webp vulnerabilities are as much webp’s fault as they are the browser’s, if not more, when was the last time you heard of a png or jpg arbitrarily executing code? Why is that even a thing that a bitmap format can do?

   • Embed this notice
     Witchlaser (witchlaser@rubber.social)'s status on Friday, 29-Sep-2023 04:03:56 JST Witchlaser

     in reply to

     @alfredohno

     narcolepsy and alcoholism :flag: likes this.
   • Embed this notice
     cassie (porglezomp@mastodon.social)'s status on Friday, 29-Sep-2023 11:11:17 JST cassie

     in reply to

     • cut the kids in half :azulogo:

     @tomo @alfredohno I’m a huge JXL advocate but it has the exact same issues, potentially worse because the implementation is newer. And to be clear the only reason you don’t hear about JPG and PNG executing arbitrary code is that we had all those disasters a decade ago.

   • Embed this notice
     cut the kids in half :azulogo: (tomo@azumanga.gay)'s status on Friday, 29-Sep-2023 11:11:18 JST cut the kids in half :azulogo:

     in reply to

     @alfredohno@0w0.is this post sponsored by the jpeg xl mafia

     novatorine 🏴🏳️‍⚧️ repeated this.