I was hoping for some sort of image or binary processing exploit too, but the attack just uses a Postgres vulnerability to execute arbitrary shell code. [0][1] The fact that the executed code was buried in an image seems to just be a camouflage step for the attacker.