If it happened in the world's most used client OS 20 years ago, it's clearly not impossible it can happen again. Not that much has happened with computers since then.
I remember being like you, believing no virus could come from an image or other data. I have been proven wrong enough times since then. We keep assuming things as programmers and sometimes we get it wrong and then there is a new vulnerability.
Using "filename" within the "Content-Disposition" header, you could theoretically trick a user into downloading a non-image file despite the URL containing lisa.jpg.
I think certain browsers have security limits on the file-extensions you download, which may include when image->"save as" is used.
Don't forget that you can literally concatenate jpegs and zipfiles [header at start of jpeg, but at end of zipfile], so the valid jpeg can also be a valid zipfile.
Combine that with something like Safari's insistence at automatically exploding zipfiles on download, and you got yourself a party.
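
A defender-side check for the JPEG/ZIP concatenation mentioned in the comment above, as an added example that is not part of the original thread: it walks the JPEG markers to find where the image really ends and looks for a ZIP end-of-central-directory record in the bytes after it. The function names and the sample bytes are constructed for illustration.

```python
import struct

EOCD_SIG = b"PK\x05\x06"   # ZIP end-of-central-directory signature
EOCD_MIN = 22              # EOCD size without its trailing comment
# Constructed samples: a minimal marker stream (SOI, APP0, SOS, scan, EOI;
# not a decodable picture) and an empty archive, which is just an EOCD.
SAMPLE_JPEG = bytes.fromhex("ffd8 ffe000044a46 ffda0002 12ff0034ffd056 ffd9")
EMPTY_ZIP = EOCD_SIG + bytes(18)

def find_zip_eocd(data: bytes) -> int:
    """Offset of a ZIP EOCD record whose comment ends the file, or -1."""
    start = max(0, len(data) - (EOCD_MIN + 0xFFFF))  # comment <= 65535 bytes
    pos = data.rfind(EOCD_SIG, start)
    while pos != -1:
        if pos + EOCD_MIN <= len(data):
            (comment_len,) = struct.unpack_from("<H", data, pos + 20)
            if pos + EOCD_MIN + comment_len == len(data):
                return pos
        pos = data.rfind(EOCD_SIG, start, pos)
    return -1

def jpeg_end(data: bytes) -> int:
    """Offset just past the JPEG EOI marker, or -1 if no well-formed JPEG."""
    if data[:2] != b"\xff\xd8":
        return -1
    i = 2
    while i != -1 and i + 2 <= len(data) and data[i] == 0xFF:
        marker = data[i + 1]
        if marker == 0xD9:                       # EOI: image data stops here
            return i + 2
        if marker in (0x00, 0xFF) or 0xD0 <= marker <= 0xD7:
            # stuffed byte, fill byte or restart marker inside scan data
            i = data.find(b"\xff", i + (1 if marker == 0xFF else 2))
            continue
        if i + 4 > len(data):
            return -1
        (seg_len,) = struct.unpack_from(">H", data, i + 2)
        i += 2 + seg_len
        if marker == 0xDA:                       # SOS: skip entropy-coded data
            i = data.find(b"\xff", i)
    return -1

def classify(data: bytes) -> str:
    end, eocd = jpeg_end(data), find_zip_eocd(data)
    if end == -1:
        return "not-jpeg"
    if eocd >= end:
        return "jpeg+zip polyglot"
    return "jpeg with trailing data" if end < len(data) else "jpeg"
```

An upload filter or download scanner can call `classify` on the raw bytes and reject or quarantine anything that is not plain `"jpeg"`, regardless of the file extension or declared content type.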