undefined | Better HN

0 pointsstefan_3y ago0 comments

Now that sounds like a truly terrifying, terrible idea.

0 comments

That seems to be how one of the exploits from a year or two ago worked.

It exploited an archaic Xerox format parser to make its own virtual machine, and then went out from there.

So I'd agree, throwing anything on a webpage (or incoming message) into the "Can you parse this weird thing?" pipeline is a bad idea!

JBIG2 is a mandatory part of PDF, not its own weird image format. (Though I think it's also allowed in TIFF files and those might count as weird.)

j / k navigate · click thread line to collapse

That seems to be how one of the exploits from a year or two ago worked.

It exploited an archaic Xerox format parser to make its own virtual machine, and then went out from there.

So I'd agree, throwing anything on a webpage (or incoming message) into the "Can you parse this weird thing?" pipeline is a bad idea!

JBIG2 is a mandatory part of PDF, not its own weird image format. (Though I think it's also allowed in TIFF files and those might count as weird.)

j / k navigate · click thread line to collapse