A new security flaw was detected and adequately named Acropalypse.app which affects the Windows 11 Snipping Tool and Google Pixel phones.
Does or can that happen in GraphicConverter?
1) If so with which methods/settings can cropped portions survive in the file?
2) Which methods/settings ensure that cropped portions do not remain in the saved file?
[Solved] Security: Does cropping a PNG or JPEG in GC leave cropped image parts in file forensically restorable?
[Solved] Security: Does cropping a PNG or JPEG in GC leave cropped image parts in file forensically restorable?
Last edited by porg on Fri Mar 24, 2023 3:19 pm, edited 2 times in total.
-
forum_adm
- Site Admin
- Posts: 1714
- Joined: Fri Dec 23, 2016 9:41 am
- Location: Germany
- Country: Germany
Re: Security: Does cropping a PNG or JPEG with GraphicConverter leave cropped image parts in file forensically restorabl
There are two cases:
1) Images without an alpha channel. The image data in memory and after saving as PNG etc. contains only the visible part.
2) Images with parts that are masked by an alpha channel. This parts can be restored if you display the image without an alpha channel.
But you can use the following function to make that impossible:
1) Images without an alpha channel. The image data in memory and after saving as PNG etc. contains only the visible part.
2) Images with parts that are masked by an alpha channel. This parts can be restored if you display the image without an alpha channel.
But you can use the following function to make that impossible:
- Screenshot 2023-03-23 at 15.49.01.jpg (297.1 KiB) Viewed 293 times
I am relieved!
Ad 1) As GC in most "export/save modes" uses compression / data-saving methods, I would have wondered, if it leaves cropped chunks intact in file. But was not 100% sure, thought under certain circumstances some portions may survive. Glad to read your confirmation!
Also incredible that exactly among top major IT corporations like Google and Microsoft such negligent flaws have happened!
Ad 2) Thanks for pointing out that special corner case! And also offering the "flatten" method as a way to mitigate that.
Curiosity question: How does that technically work: Instead of saving a full rectangular image plus a separate alpha mask, it simply saves an image with an alpha channel (that is per each pixel in addition to the 8bit per R, G, B also another 8bit of transparency info). Right?
Also incredible that exactly among top major IT corporations like Google and Microsoft such negligent flaws have happened!
Ad 2) Thanks for pointing out that special corner case! And also offering the "flatten" method as a way to mitigate that.
Curiosity question: How does that technically work: Instead of saving a full rectangular image plus a separate alpha mask, it simply saves an image with an alpha channel (that is per each pixel in addition to the 8bit per R, G, B also another 8bit of transparency info). Right?
-
forum_adm
- Site Admin
- Posts: 1714
- Joined: Fri Dec 23, 2016 9:41 am
- Location: Germany
- Country: Germany
Re: Security: Does cropping a PNG or JPEG with GraphicConverter leave cropped image parts in file forensically restorabl
1) A cropped image is always saved without the cropped parts.
GraphicConverter recreates the JPEG Exif thumbnail, too. So, only if you check the checkbox "Save with original Exif" (which is off by default) - the original uncropped thumbnail is stored.
GraphicConverter recreates the JPEG Exif thumbnail, too. So, only if you check the checkbox "Save with original Exif" (which is off by default) - the original uncropped thumbnail is stored.
-
forum_adm
- Site Admin
- Posts: 1714
- Joined: Fri Dec 23, 2016 9:41 am
- Location: Germany
- Country: Germany
Re: Security: Does cropping a PNG or JPEG with GraphicConverter leave cropped image parts in file forensically restorabl
2) Yes, RGB pixel with alpha is normally stored as ARGB or RGBA depending on the format. So, you just have four components per pixel instead of three.
Re: Security: Does cropping a PNG or JPEG with GraphicConverter leave cropped image parts in file forensically restorabl
Thanks for the all the additional infos. No more concerns at all!