
Re: Email based attack on University



On 02/10/2019 18.47, Carl Fink wrote:
> On Wed, Oct 02, 2019 at 05:55:32PM +0200, Étienne Mollier wrote:
> 
>> I don't believe MP3 allows executable code by specifications
>> either, so shouldn't the PNG image format.  But think of DSA
>> 4435 which affected libpng earlier this year.  When the OS
>> library for handling multimedia has flaws, if an HTML email
>> embeds a specifically crafted PNG image inlined in the content,
>> then you wouldn't even have to hit the “preview” button to be
>> screwed:
> That would logically apply to ASCII text as well.
Indeed,

Injection of control codes in a plain text email, if those are
improperly escaped along the way, may mangle the terminal of the
unsuspecting user.  ;)

That takes a lot of "if"s though...
-- 
Étienne Mollier <etienne.mollier@mailoo.org>
Fingerprint:  5ab1 4edf 63bb ccff 8b54  2fa9 59da 56fe fff3 882d
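
The point above about unescaped control codes in a plain text email reaching a terminal, as an added example that is not part of the original message: a Python sketch of how a text-mode mail viewer could make control characters visible before printing a body. The function name and the sample body are constructed for illustration.

```python
# Added illustration: neutralise terminal control codes in a plain-text
# mail body before it is written to a terminal. Names are hypothetical.

# Controls a plain-text body legitimately needs when displayed.
ALLOWED = {"\n", "\t"}


def escape_for_terminal(text: str) -> str:
    """Return text with control characters shown visibly, not interpreted."""
    out = []
    # CRLF is the normal mail line ending; a lone CR is not, and can be
    # used to overwrite what was already printed on the current line.
    for ch in text.replace("\r\n", "\n"):
        cp = ord(ch)
        if ch in ALLOWED:
            out.append(ch)
        elif cp < 0x20 or cp == 0x7F:
            # C0 controls and DEL in caret notation: ESC -> ^[, DEL -> ^?
            out.append("^" + chr(cp ^ 0x40))
        elif 0x80 <= cp <= 0x9F:
            # C1 controls: U+009B acts as a one-character CSI on some terminals
            out.append(f"\\x{cp:02x}")
        else:
            out.append(ch)
    return "".join(out)


# Constructed sample body: clear-screen and cursor-home sequences, a lone
# carriage return, a C1 CSI introducer and a DEL character.
SAMPLE = "Meeting at 10.\x1b[2J\x1b[H\rSee you\r\n\x9b31mbye\x7f"

if __name__ == "__main__":
    print(escape_for_terminal(SAMPLE))
```

The escaped form is for display only; the stored message is left untouched so that signatures over the body still verify.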
