Upvoted for the reference in the head/subhead.
...this is hardcore journalism, but I wonder if the common people will get it?
Researchers are warning about a newly discovered security vulnerability in a popular open-source JPEG 2000 parser that could let corrupted image files trigger remote code execution. Cisco-owned security firm Talos warns that by embedding a malformed image file into a web page, PDF file, or email message, an attacker could gain …
What happens if a malicious page just puts a JPEG 2000 image in a web page?
Obviously the vulnerability is only when the vulnerable "OpenJPEG" decoder is used. So does any web browser use it natively? I found a page saying no one was adopting JPEG 2000, but the page is from 2007. Apparently it was or is supported in Safari... the question is how.