Vulnerability Development: Re: Infected jpeg files?

[<jove () gaza halo nu>]

R Ginski,

        If there was some sort of buffer overflow/other way of causing the
code to function in a manner inconsistant with it's design due to the
content/formatting of the .jpg image then yes, there could be a payload
designed to be set off upon viewing of the .jpg image.  Otherwise, the
.jpg image specifies (simplified) values of pixels in a compressed format
and thus the .jpg specification does not include the ability to run code
by default.

-Jove

On 7 Nov 2001 rginski () co pinellas fl us wrote:

> Mailer: SecurityFocus
>
> Is it possible for a virus to infect a jpeg (*.jpg) file,
> then the jpg file to infect other files?...without
> changing the files characteristics? In other words, a
> jpeg file (file.jpg) is infected and it
> remains "infected_file.jpg". It is possible for a file type
> as jpeg to have a payload or cause damage although
> it's just being viewed? Perhaps something like
> steganagraphy...except embedding vbs (or
> something) causing infection by way of the viewer? I
> guess another way of asking the question is:
>
> Is it possible to get infected by just viewing jpeg files?
>
> I realize that's a "wide open question" I just don't
> know how else to explain myself. Thanks in advance
> for your patience and help.