>>6461145 /meta board post
posting here for Anons
cont'd "BE VIGILANT!"
->as primarily an image board and "We Are QNN" and #2 most attacked …
PROTECT OUR HIVE, A complexity of issues for QAnons, Qresearch, & 8ch:
re: -CASE for BAN certain GRAPHICS, yet not affect our MEMEweapons:
>>6149861 /meta
Perhaps this is covered in the general "lag" complaints.
>However, I'd like to inquire about a specific issue that I'm having
>with the graphics on the board.
"PNGs seem to be most heavily affected, not downloading at all
for the most part. Some jpg and jpeg files will download.
I've been unable to even sideload many of the files.
>Perhaps I'm dumb and this post was dumb. Either way.
->>>>Seems the Global on moving to PNGs may have driven us into a corral. <<<<<-
>>6163676 /meta BO, will post this to /sudo
->"moving to PNGs may have driven us into a corral."<-
Personally noted a recent update on my LINUX Desktop systems for PNG.
-Specifically NOTED: "Vulnerability Warning:"
libpng versions 1.6.36 and earlier have a [use-after-free]
bug in the simplified libpng API png_image_free()."
It has been assigned ID CVE-2019-7317
The vulnerability is fixed in version 1.6.37, released on 15 April 2019
"PNG library - runtime (version 1.6)" libpng is the official PNG reference library.
It supports almost all PNG features, is extensible,
and has been extensively tested for over 23 years.
->The assigned ID CVE-2019-7317:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7317
-DEBIAN Linux Details {DSA-4435-1 libpng1.6 – security update}:
A [use-after-free] vulnerability was discovered in the png_image_free() function
in the libpng PNG library,
-which could lead to denial of service or potentially the execution of arbitrary code
if a malformed image is processed.
https://www.debian.org/security/2019/dsa-4435
-UBUNTU Security details {USN-3962-1: libpng vulnerability}:
Summary
libpng be made to crash or run programs if it opened a specially crafted file.
Software Description
libpng1.6 - PNG (Portable Network Graphics) file library
Details
It was discovered that libpng incorrectly handled certain memory operations.
If a user or automated system were tricked into opening a specially crafted PNG file,
a remote attacker could use this issue to cause libpng to crash,
resulting in a denial of service, or possibly execute arbitrary code.
https://usn.ubuntu.com/3962-1/
-GITHUB documents replication details {Use after free #275}:
https://github.com/glennrp/libpng/issues/275
for ref; all /meta
>>6161926 <BAN "JPEG" uploads / injections; {will post in General for Anon Eyes}
>>6163397 <a method using stegonograpy to embed malicious code into a jpeg (or png I believe)
>>6163510 <files produced by a tool like stegosploit are what is called a polyglot
>>6163642 <this pic is an example