2029 Headline: World's largest data breach caused by zero day exploit in popular PNG 3.0 renderer
the payload was reportedly embedded in an animated image of the attacker repeatedly flicking his left testicle
Ouch
I bet it was a single flick and he ran it on a loop.
Animated PNG has been trying to be an extension to the PNG spec for 20+ years.
Right there's actually like a select few applications that support it which is cool, but so many get confused when they see an apng file with frames.
They should have let it die because nearly everything else is nowadays somehow better:
https://en.wikipedia.org/wiki/PNG#Comparison_with_other_file_formats
did you read your own source before posting this comment?
Yes? Did you?
Example:
AVIF
AVIF is an image format developed by the Alliance for Open Media. AVIF was designed by the foundation to make up for the shortcomings of other image codecs, including PNG, GIF, and WebP.
AVIF is generally smaller in size than both WebP and PNG. AVIF supports animation while PNG does not.
What are u saying bro, itz still my go to option for transparency saves! I don't exactly know the details of the update but I am happy they are showing it some love
I absolutely hate WebP. Worst format ever.
What's wrong with webp? It supports animation, lossless compression, lossy compression and transparency. Animation has a smaller size than gif.
Maybe I'm just a newb, but it still looks like PNG is the goto to ensure lossless image storage.
Everything else on that list that is "better" does/can do lossy compression. I'm not sure how to force apps to use lossless compression, so to me, all those lossy-capable formats are a drawback.
But is it backwards compatible with an old version that can't be updated?
Yeah, this was my first thought. How many slightly older, no-longer-being-updated pieces of software will fail to open the new version? Hopefully it’s built in a way that it just falls back to legacy and ignores the extra information so you can at least load the file.
Popular photo and video editing apps like Photoshop, DaVinci Resolve, and Avid Media Composer already support it, alongside Chrome, Safari, and Firefox. Apple’s iOS and macOS also work with the new file standard.
This is all the article mentions. I hope you’re right about the backwards compatibility.
I remember the Wild West Web days when it was a toss up seeing if animated Gifs, transparencies in images, or the specific hexadecimal for your personal shade of purple you created would render properly between browsers.
I mean, that's already how animated .gifs work. If somehow you manage to load one into a viewer that doesn't support the animation functionality it will at least dutifully display the first frame.
How the hell you would manage to do that in this day and age escapes me, but there were a fair few years in the early '90s where you might run into that sort of thing.
Speaking for animation, your browser probably already supports APNG. APNG is 21 years old and has decent adoption. But it’s officially part of the club.
That said, APNGs are fat as fuck and they’re a pretty old solution to animated graphics with an alpha channel. Don’t expect to see everyone making APNGs all of a sudden. There is a reason why people have kept it at a distance.
Some of this is paving the cowpath - the animated PNG stuff is 20 years old and e.g. Firefox has had support since March 2007.
The PNG format is made of chunks that have determined roles, and provides provisions for newer "standardized" chunks alongside the custom chunks it had supported until now. It is likely that a PNG made with newer software that does not use new features, or uses only additional features, will remain readable by older software to some extent.
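The chunk layout described in the comment above, as an added example that is not part of the original thread: a chunk walker that behaves like an older decoder, skipping unknown ancillary chunks, refusing unknown critical ones, and checking every length and CRC before trusting the data. The `LEGACY_KNOWN` set, the function names and the sample file are constructed for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
# Assumption: the only chunk types our hypothetical legacy decoder understands.
LEGACY_KNOWN = {b"IHDR", b"PLTE", b"IDAT", b"IEND"}

def make_chunk(ctype, data=b""):
    """Serialize one chunk: length, type, data, CRC-32 over type+data."""
    return (struct.pack(">I", len(data)) + ctype + data
            + struct.pack(">I", zlib.crc32(ctype + data)))

def walk_chunks(png, known=LEGACY_KNOWN):
    """Return [(type, action)] as a decoder that only knows `known` sees it."""
    if not png.startswith(PNG_SIG):
        raise ValueError("bad PNG signature")
    pos, actions = len(PNG_SIG), []
    while pos < len(png):
        if pos + 12 > len(png):
            raise ValueError("truncated chunk")
        (length,) = struct.unpack_from(">I", png, pos)
        end = pos + 8 + length                  # offset of the CRC field
        if length > 0x7FFFFFFF or end + 4 > len(png):
            raise ValueError("chunk length runs past end of file")
        ctype = png[pos + 4:pos + 8]
        (crc,) = struct.unpack_from(">I", png, end)
        if crc != zlib.crc32(png[pos + 4:end]):
            raise ValueError(f"CRC mismatch in {ctype!r}")
        name = ctype.decode("latin-1")
        if ctype in known:
            actions.append((name, "decode"))
        elif ctype[0] & 0x20:                   # lowercase first letter: ancillary
            actions.append((name, "skip"))
        else:                                   # unknown critical chunk: must refuse
            raise ValueError(f"unknown critical chunk {name}")
        pos = end + 4
        if ctype == b"IEND":
            break
    return actions

# Constructed 1x1 grayscale file carrying two newer ancillary chunks.
SAMPLE = PNG_SIG + b"".join([
    make_chunk(b"IHDR", struct.pack(">IIBBBBB", 1, 1, 8, 0, 0, 0, 0)),
    make_chunk(b"acTL", struct.pack(">II", 1, 0)),   # APNG animation control
    make_chunk(b"eXIf", b"constructed-metadata"),
    make_chunk(b"IDAT", zlib.compress(b"\x00\x00")),
    make_chunk(b"IEND"),
])
```

The bounds and CRC checks run before any chunk is classified, so a malformed length field is rejected rather than used as an offset.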
I'm probably gonna be massively downvoted for saying the forbidden word but I asked AI to do a summary with references of the forward and backward compatibility of PNG's new version:
Based on recent search results, the new PNG specification (Third Edition) and its reference library (libpng) maintain strong backward compatibility while introducing modern features. Here's a detailed compatibility analysis:

png_struct/png_info internals since 1.5.0) ensures older apps using png_get_*/png_set_* functions remain compatible. Direct struct access, deprecated since 1.4.x, may break in libpng 2.0.x (C99-only).

png_image_free()) were patched in libpng 1.6.37+, making the new lib safer for decoding old files.

IHDR or IDAT remain unchanged.

mDCv chunk. Older libs ignore HDR data, falling back to SDR, which may cause color inaccuracies.

eXIf chunks are ignored by legacy decoders, losing metadata like GPS or copyright info.

Scenario | Compatibility | Key Considerations |
---|---|---|
Old PNG → New Lib | ✅ Excellent | Legacy files work flawlessly; security improved. |
New PNG → Old Lib | ⚠️ Partial | Basic rendering works, but HDR/APNG/EXIF ignored. Security risks in unpatched versions. |
New Features | 🔧 Conditional | Requires updated apps (e.g., Photoshop, browsers) and OS support. |

For developers: Use png_get_valid(png_ptr, info_ptr, PNG_INFO_mDCv) to check HDR support and provide fallbacks.
I could have sworn animated pngs were a thing in the Macromedia Fireworks days. Really dating myself with that ref.
There were two different animated PNG extensions, MNG and APNG. Neither of them ever really caught on. I guess they're hoping to do better by baking it into the core spec.
APNG is what they're using in v3, so all many libraries need to do* is update that code for HDR.
* surely that's easy, right?
I mean, on a Linux system that's not riddled with flatpak / snap / ... You'd basically only need to update libpng and you'd be good.
I miss the days when all the cool websites used Flash. I think Macromedia killed it for some reason. Probably because it had security flaws, back then it was pretty bandwidth-intensive too, but it made for some dynamic web designs.
Flash had a myriad of problems. Web devs celebrated its death.
Flash was a security nightmare all round, not counting the security flaws. It was just designed without any security features. It was also terribly inefficient at its core job, that was supposedly vector animation. It filled a gap in a time where browser and standards were not that advanced.
Over time, Flash issues were never resolved, but the bloatness of the software kept increasing. Along the way, HTML got better specs, JavaScript got vast improvement, especially in everyone adhering to roughly the same standard (thanks Microsoft for finally caving in…), and so the flash interpreter was highly redundant with the browser itself.
For a while flash editors could export in HTML5 and you'd get roughly the same result, but with a fraction of the resources requirements, so naturally there was little incentive to keep the flash player around.
I'm not sure if "killing flash" could be attributed to their author, or to the loss of interest.
Also note that alternative flash players exist to still play older swf files, and some sites use them alongside plain video conversion for flash animations that weren't dynamic.
The current situation with megabytes of JavaScript is pretty bad, but at the time, there was still a fair bit of dialup active, and mobile web was just starting to be a thing - on EDGE and barely 3G. It would take minutes to load.
Also, Steve Jobs had it in for Flash and that’s what ultimately killed it off, I think.
Jxl train choo choo
Fracturing support for a legacy format makes so much more sense than actually supporting a modern format like JXL, right?
If this actually stands a chance of taking off, I'll honestly take what I can get to normalise HDR images
PNG PNG!
Now if anyone doesn't mind explaining, PNG vs JXL?
JXL is badly supported but it does offer lossless encoding in a more flexible and much more efficient way than png does
Basically jxl could theoretically replace png, jpg, and also exr.
Interestingly, I downloaded GNOME's pride month wallpaper to see what it looked like, and the files were JXL. Never seen them in the wild before that
Goodbye gif hello png?
gif almost got replaced by mp4 anyway during the early imgur era
HDR capable PNGs that don't look shite on SDR displays? Sign me up!