Questions tagged [image]

For files or formats containing a digital representation of a graphical picture. Not to be confused with [disk-image] or forensic images.

In the infosec space, "image" refers to graphical pictures and their file formats such as jpeg, png, svg, etc.

On-topic security questions include but are not limited to:

confidentiality or privacy issues associated with images,
arbitrary-code-execution vulnerabilities in media libraries,
etc

97 questions

205

votes

6 answers

How secure is 'blacking out' sensitive information using MS Paint?

I'm wondering if it's safe to black out sensitive information from a picture just by using Microsoft Paint? Let's take in this scenario that EXIF data are stripped and there is no thumbnail picture, so that no data can be leaked in such a way. But…

forensics data-leakage image

asked Jun 13 '16 at 22:25

Mirsad

10,005
8
33
53

143

votes

8 answers

Secure way of masking out sensitive information in screenshots?

As a guy working in security/pentest, I regularly take screenshots of exposed passwords/sensitive information. Whenever I report these, I mask parts or complete info as in the sample given below I often wonder, is it possible for someone to…

forensics image

asked Apr 19 '18 at 19:06

xandfury

1,351
3
10
19

votes

4 answers

What aspects of image preparation workflows can lead to accidents like Boris Johnson's No. 10 tweet's 'hidden message'?

The BBC reports that the image Boris Johson posted on Twitter to congratulate Joe Biden contains traces of the text "Trump" in the background. The BBC article links to a Guido Fawkes' article, and when I download the tweet's JPEG, convert to PNG…

image

asked Nov 11 '20 at 01:59

uhoh

1,385
1
11
21

votes

5 answers

Detecting steganography in images

I recently came across an odd JPEG file: Resolution 400x600 and a filesize of 2.9 MB. I got suspicious and suspected that there is some additional information hidden. I tried some straight forward things: open the file with some archive tools; tried…

forensics steganography image

asked Feb 14 '11 at 15:17

Chris

votes

9 answers

Can malware be attached to an image?

I have a small number of employees who use a company computer but these people aren't very tech-savvy. They use an email client and a messaging client. I'm pretty sure they wouldn't click on a .exe or .zip file in an email without thinking, and I…

virus attack-prevention image

asked Apr 07 '14 at 21:39

user2143356

votes

3 answers

Can you recover original data from a screenshot that has been 'blacked out'?

Is there a threat from screenshots with blacked out info? That is can someone take out that aftermarket addition so to speak? For instance I take a screenshot (using MS snipper) Then I 'blur/blackout' some info Is the picture above vulnerable to…

forensics data-leakage image

asked Sep 12 '14 at 14:08

Matthew Peters

3,592
4
21
39

votes

7 answers

If I know the CPU architecture of a target, can I send instructions embedded in an image?

Can I send instructions embedded in an image to a target, if I know his CPU architecture?

image cpu

asked Oct 29 '18 at 01:47

Faminha102

votes

5 answers

Find Virus in an Image File

I just received a .jpg file that I'm almost positive contains a virus, so I have two questions about what I am able to do with the image. My first question originates from the fact that I opened the file once and the program I used to open it gave…

virus image

asked Nov 28 '15 at 21:09

kmecpp

votes

1 answer

JPEG artifacts leaking information about redacted contents

It was mentioned that JPEG should not be used between image creation and redaction of sensitive contents, because compression artifacts around the redacted area may leak information. Given how this lossy format works, this makes sense. Is there any…

forensics compression image

asked Apr 20 '18 at 07:10

forest

64,616
20
206
257

votes

2 answers

How to prevent XSS in SVG file upload?

Currently assessing an application, I found out that it is possible to submit an SVG file containing JavaScript (the app is also vulnerable to XXE). I wondered if there was a method to prevent those vulnerabilities and secure the SVG submission…

xss javascript file-upload image svg

asked Jan 16 '17 at 10:40

Nokosi Pow

votes

2 answers

Is there a way to execute XSS in an HTML img tag with SVG?

Is there a working technique to execute XSS in modern browsers using a SVG file displayed on a web page with an tag? I know a way to execute without