WEBP (and AVIF possibly) as attachments

Status
Not open for further replies.
Perseonn

Perseonn

Young Hero
Level 1
Joined
Jan 22, 2025
Messages
48
Reaction score
72
Points
127
Can we please have WEBP image format as a possible image attachment? It's smaller and better than JPG in every aspects (but printing). At this age, all major browsers have already support it, and all OS should also have already support it.

PS: I'd like AVIF too if possible since it's also a great format, but has a lower compatibility.
 
Upvote -2 Downvote
The reason user-uploaded WebP images are not supported on most websites is due to CVE-2023-4863, a serious security vulnerability in libwebp (a lib used by most programs to display WebP images) that can impact users. If exploited, it can lead to virus infections on both users devices and servers.

Unfortunately, the vulnerable version of libwebp is still widely used in many environments today (anything before before September 2023, though up-to-date browsers are safe).
If malware is embedded in a user-submitted WebP image and that image is saved to hard disk, the malware could execute as soon as it is opened by any program that uses the outdated version of libwebp to display it. (a real security threat!)

That said, WebP images from trusted sources (such as those created by site owners themselves) pose no problem. However, if they come from unknown sources, it's best to practice caution.

Edit: The news about this threat was quite bold for a while, but it doesn't seem to be exploited in reality, so it's possibly less serious than i thought at first.
I thanks @Perseonn for making me aware of this fact.
 
Last edited by a moderator:
JustLooking123 said:
The reason user-uploaded WebP images are not supported on most websites is due to CVE-2023-4863, a serious security vulnerability in libwebp (a lib used by most programs to display WebP images) that can impact users. If exploited, it can lead to virus infections on both users devices and servers....
Click to expand...
I'm sorry if this sounds to downplay it, but does it have a real world case? Is it many? Is it still exploited now?
 
Edit: The information provided in this comment was based on a misinterpretation on my side. After checking again, I couldn't find any instances of it being exploited in reality.

Unfortunately, it seems it has indeed been exploited in the wild, and highly visited sites are prime targets for these kinds of exploits.

However, considering that uploading WebP images as files is supported right now, displaying them directly on pages as image might actually be a safer approach! as some users might open them in old image viewer programs!

But at least users would have a choice to do so or not, on the other hand, if they are displayed as image in pages and any user with a browser older than the mentioned date opens the page, and there's malware in the image, it will be executed without any warning.

Users with older browsers are not uncommon in some places, though you could argue it's their responsibility to update.
As a side note, I think this restrictions will be globally loosened in a few years, but a year or two, might be too fast.

I love the WebP format so much myself... it's a sad situation... ?
 
Last edited:
I disabled them for a technical issue I haven't been able to fix.
The Imagemagick PECL extension is not able to create the thumbnails and they show up as links instead.
 
JustLooking123 said:
Unfortunately, it seems it has indeed been exploited in the wild, and highly visited sites are prime targets for these kinds of exploits.
Click to expand...
I haven't found any news about famous website victims. If you have an article about it, please give it to me as it would be a good read.

JustLooking123 said:
However, considering that uploading WebP images as files is supported right now, displaying them directly on pages as image might actually be a safer approach! as some users might open them in old image viewer programs!
Click to expand...
Webp is actually uploadable ATM, but the website only then blocks the attempt (instead of downright rejecting the upload). Additionally, I don't think any user will try to open webp with old image viewer. You either confused about the downloaded image, use a modern program (Like Xnview), or head to web services to convert it to other files.

Spike said:
I disabled them for a technical issue I haven't been able to fix.
The Imagemagick PECL extension is not able to create the thumbnails and they show up as links instead.
Click to expand...
Oh, I see. I hope the situation can be resolved. I don't mind reconverting my images, but it's such an extra step to post stuffs. Thanks for the response!
 
Perseonn said:
I haven't found any news about famous website victims. If you have an article about it, please give it to me as it would be a good read.
Click to expand...
Oh my god! you are right! It seems i misread an article long time ago! after reading it again, looks like it was about potential attacks, not real attacks!
Thank you for bringing this to my attention, as i was living with this belief for a long time!
I feel so embarrassed! a fatal mistake on my side. (melting from embarrassment ?)

Edit: I have edited my above post to mention this error of mine.
 
Last edited:
In here you can see from when it was enabled that webp
shows up but as a link
vuffy

Anime Post in thread 'Post Your waifu'

Mine are choices

Minmay from macross
View attachment MinmayCoverOld.webp
or
View attachment Ranko_af2.webp
or
Alice from "Please save my earth"
unnamed.jpg
  • Like
  • Heart
it's like the forum fails to create the thumbnails.
when i tried asking Xenforo they told me it was not the forum fault and can't help with it.
That something is wrong with my installation.
But I did follow the installation procedure without errors.
So yeah. I'm stuck on webp.
 
Spike said:
In here you can see from when it was enabled that webp
shows up but as a link
vuffy

Anime Post in thread 'Post Your waifu'

Mine are choices

Minmay from macross
View attachment MinmayCoverOld.webp
or
View attachment Ranko_af2.webp
or
Alice from "Please save my earth"
unnamed.jpg
  • Like
  • Heart
it's like the forum fails to create the thumbnails.
when i tried asking Xenforo they told me it was not the forum fault and can't help with it.
That something is wrong with my installation.
But I did follow the installation procedure without errors.
So yeah. I'm stuck on webp.
Click to expand...
you most likely need libwebp-dev when compiling the imagick extension for php to support webp.
 
starseeker300 said:
ok but seriously please dont add this, that image format is a pain in the rear
Click to expand...
For me keeping JPG compliance (to keep small filesize) is quite cumbersome as I have all my lossy work process around WEBP.

PS: from my experience on questioning people with this sentiment, all of them don't have an up-to-date PC. Please update your PC and if you can, use a better image viewer like Xnview.
 
Perseonn said:
For me keeping JPG compliance (to keep small filesize) is quite cumbersome as I have all my lossy work process around WEBP.

PS: from my experience on questioning people with this sentiment, all of them don't have an up-to-date PC. Please update your PC and if you can, use a better image viewer like Xnview.
Click to expand...
Have you ever considered a possibility that not everybody can afford to have an up-to-date PC? /gen
 
fake-kun said:
Have you ever considered a possibility that not everybody can afford to have an up-to-date PC? /gen
Click to expand...
Absolutely, I work as a technician too, so these PCs are dime a dozen in my line of work. Just hoped that the users have the decency to understand that they are behind times.

Would be funny of anyone younger than me is behind on their PC tho.
 
Perseonn said:
Absolutely, I work as a technician too, so these PCs are dime a dozen in my line of work. Just hoped that the users have the decency to understand that they are behind times.

Would be funny of anyone younger than me is behind on their PC tho.
Click to expand...
What kind of "decency"? You speak as if they're immoral or something.
 
omg, the image format warriors have arrived, just ignore them, spike has spoken
Fight Fight Fighting GIF by Zypto
 
It's not working right for a technical issue.
When a solution is found it will be enabled. @Perseonn
 
Status
Not open for further replies.

Users who are viewing this thread

Total: 1 (members: 0, guests: 1)

Connect with us

Featured Video

Gintama Rumble (VITA)

Latest Threads

Anyone into star trek?

1746482330442.png


I revisit voyager often but i like the next generation and have finished up...
Read more

YTPMV Thread (oh no)

YTPMVs (short for "YouTube Poop Music Video") are a weird kind of phenomenon where...
Read more

Ecco the dolphin 1 and 2 getting remastered, ecco the dolphin 3 announced.

Goofy ah question abt The House of the Dead

Can I play this game without the light gun?
Read more

Duplicate thread detection thread

Want to make a thread but suspect it was done already?
just post your planned thread and wait...
Read more

Online statistics

Members online
159
Guests online
194
Total visitors
353
Totals may include hidden visitors.

Forum statistics

Threads
7,549
Messages
187,518
Members
549,429
Latest member
niloalavedra1983

Support us

Support us!
Back
Top