Crouching Tiger - Hidden Payload: Security Risks of Scalable Vectors Graphics
Mario Heiderich, Tilman Frosch, Meiko Jensen, Thorsten Holz
18th ACM Conference on Computer and Communications Security (CCS), Chicago, IL, October 2011
Scalable Vector Graphics (SVG) images so far played a rather small role on the Internet, mainly due to the lack of proper browser support. Recently, things have changed: the W3C and WHATWG draft specifications for HTML5 require modern web browsers to support SVG images to be embedded in a multitude of ways. Now SVG images can be embedded through the classical method via specific tags such as <embed> or <object>, or in novel ways, such as with <img> tags, CSS or inline in any HTML5 document.