On our install, we ran into an issue where Download local images seems to have corrupted the image it downloads.
The link was 
I can try hotlinking the image here to see if it reproduces on meta:
A separate related issue: If you revert to the hotlinked revision, the download local images job comes in and re-downloads. I’m wondering if maybe it shouldn’t.
That’s the link to the bad one. It looks like the SVG has all of the parts, but every color has been turned into black. Well, more accurate might be all of the fill/stroke attributes appear to be stripped out.
Here’s an uploaded version of (what I assume is?) the same svg image:
It looks like the process of uploading is breaking the file, somehow. You can run a diff on the original I found on wikipedia: https://upload.wikimedia.org/wikipedia/en/d/d2/Stitch_(Lilo_%26_Stitch).svg
Doing so, it looks like removing linebreaks somehow busted this? The data appears the same, but everything has been moved to a single line rather than being multi-line? Can anyone verify my analysis is correct here?
The wikipedia one has a <style> block with fill colors for each of the paths.
<style type="text/css">
.st0{fill:#231F20;}
.st1{fill:#5272A6;}
.st2{fill:#9D74A0;}
.st3{fill:#0D2953;}
.st4{fill:#6AC5E0;}
.st5{fill:#F2F3B7;}
.st6{fill:#782740;}
.st7{fill:#DF4D72;}
.st8{fill:#BB506F;}
.st9{fill:#1B4A7D;}
.st10{fill:#A8E3FA;}
</style>
Absent that, everything is just black.
Yeah, the removal of the style block makes that happen. Easy to repro opening the original and disabling the styles on DevTools.
Style isn’t whitelisted here:
The question is: should it be, or it open another vector of attack?
You can load URLs from CSS. With ImageMagick, this includes such URLs as file:/etc/passwd (not quite the right syntax, but you get the idea) etc etc.
We would need to get a CSS parser and sanitizer added to process the style contents.