TIL: There is a cursed color in the Kodak ProPhoto RGB color space which, when converted to sRGB using pre-August-2020-Security-Update Android's image conversion routines, causes an integer overflow and a crash due to a rounding error. Some dude accidentally created an image (https://www.flickr.com/photos/gaurav_agrawal/48746079687/) which contains the cursed color on a single pixel. In 2020 if you set this image as your desktop on a Google or Samsung device, the device would brick & lose all onboard data https://www.youtube.com/watch?v=iXKvwPjCGnY

There was an actual IRL SCP / machine basilisk in the world and it remained effective for almost a year

The most amazing part of the video is where the author is trying to figure out if the file was maliciously crafted so he recreates the image from scratch and accidentally kills his phone

This is making me think about making an "irl-basilisks" Github repo containing the Excessively Loud Sunset, Janet Jackson's "Rhythm Nation" and a copy of the EICAR test file. Probably a bad idea because sometime in 2026 I'd wind up including "entirely innocuous image that incorrectly trips neural network CSAM scanners" and then I'd get banned from Github https://mastodon.social/@miah@hachyderm.io/109513848856267780

@mcc I love this idea and I submit the string "+d,+6t,+vu8-", an erroneous UTF-7 string that Python used to happily convert to erroneous Unicode and even erroneous UTF-8.

Python 2 gist from 2014: https://gist.github.com/rspeer/7559750