diff --git a/INSTALL/old/INSTALL.ubuntu1604.with.webmin.txt b/INSTALL/old/INSTALL.ubuntu1604.with.webmin.txt index 42fb87062..277937f9a 100644 --- a/INSTALL/old/INSTALL.ubuntu1604.with.webmin.txt +++ b/INSTALL/old/INSTALL.ubuntu1604.with.webmin.txt @@ -36,7 +36,7 @@ sudo mysql_secure_installation # Install PHP and dependencies -sudo apt-get install libapache2-mod-php php php-cli php-crypt-gpg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml +sudo apt-get install libapache2-mod-php php php-cli php-crypt-gpg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml php-gd # Apply all changes sudo systemctl restart apache2 diff --git a/app/Controller/AppController.php b/app/Controller/AppController.php index 6973b288d..47b150e1c 100755 --- a/app/Controller/AppController.php +++ b/app/Controller/AppController.php @@ -46,7 +46,7 @@ class AppController extends Controller public $helpers = array('Utility', 'OrgImg', 'FontAwesome'); - private $__queryVersion = '64'; + private $__queryVersion = '65'; public $pyMispVersion = '2.4.103'; public $phpmin = '7.0'; public $phprec = '7.2'; diff --git a/app/Controller/AttributesController.php b/app/Controller/AttributesController.php index e9c8b0128..4f743dcc4 100644 --- a/app/Controller/AttributesController.php +++ b/app/Controller/AttributesController.php 
@@ -1174,15 +1174,15 @@ class AttributesController extends AppController
 if (!$this->Attribute->exists()) {
 throw new NotFoundException('Invalid attribute');
 }
+ $conditions = array('conditions' => array('Attribute.id' => $id), 'withAttachments' => true, 'flatten' => true);
+ $conditions['includeAllTags'] = false;
+ $conditions['includeAttributeUuid'] = true;
+ $attribute = $this->Attribute->fetchAttributes($this->Auth->user(), $conditions);
+ if (empty($attribute)) {
+ throw new MethodNotAllowedException('Invalid attribute');
+ }
+ $attribute = $attribute[0];
 if ($this->_isRest()) {
- $conditions = array('conditions' => array('Attribute.id' => $id), 'withAttachments' => true, 'flatten' => true);
- $conditions['includeAllTags'] = false;
- $conditions['includeAttributeUuid'] = true;
- $attribute = $this->Attribute->fetchAttributes($this->Auth->user(), $conditions);
- if (empty($attribute)) {
- throw new MethodNotAllowedException('Invalid attribute');
- }
- $attribute = $attribute[0];
 if (isset($attribute['AttributeTag'])) {
 foreach ($attribute['AttributeTag'] as $k => $tag) {
 $attribute['Attribute']['Tag'][$k] = $tag['Tag'];
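Review bot: An attribute the caller is not allowed to see now answers differently from one that does not exist: the `exists()` check in the context lines throws NotFoundException, while the empty `fetchAttributes()` result added here throws `MethodNotAllowedException('Invalid attribute')`, and after this change that applies to the UI path as well as REST. The status code therefore tells a caller which attribute ids exist; consider `throw new NotFoundException(__('Invalid attribute'));` for the empty result, unless API clients are known to depend on the 405. The same pair of checks appears in viewPicture in the following hunk. Separately, `'withAttachments' => true` is now evaluated on the non-REST path too, where only `event_id` is used for the redirect. The function starts above this hunk and ends in the next one.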
@@ -1193,7 +1193,94 @@ class AttributesController extends AppController
 $this->set('Attribute', $attribute['Attribute']);
 $this->set('_serialize', array('Attribute'));
 } else {
- $this->redirect('/events/view/' . $this->Attribute->data['Attribute']['event_id']);
+ $this->redirect('/events/view/' . $attribute['Attribute']['event_id']);
+ }
+ }
+
+ public function viewPicture($id, $thumbnail=false, $width=200, $height=200)
+ {
+ if (Validation::uuid($id)) {
+ $temp = $this->Attribute->find('first', array(
+ 'recursive' => -1,
+ 'conditions' => array('Attribute.uuid' => $id),
+ 'fields' => array('Attribute.id', 'Attribute.uuid')
+ ));
+ if (empty($temp)) {
+ throw new NotFoundException(__('Invalid attribute'));
+ }
+ $id = $temp['Attribute']['id'];
+ } elseif (!is_numeric($id)) {
+ throw new NotFoundException(__('Invalid attribute id.'));
+ }
+ $this->Attribute->id = $id;
+ if (!$this->Attribute->exists()) {
+ throw new NotFoundException('Invalid attribute');
+ }
+ $conditions = array(
+ 'conditions' => array(
+ 'Attribute.id' => $id,
+ 'Attribute.type' => 'attachment'
+ ),
+ 'withAttachments' => true,
+ 'includeAllTags' => false,
+ 'includeAttributeUuid' => true,
+ 'flatten' => true
+ );
+ $attribute = $this->Attribute->fetchAttributes($this->Auth->user(), $conditions);
+ if (empty($attribute)) {
+ throw new MethodNotAllowedException('Invalid attribute');
+ }
+ $attribute = $attribute[0];
+
+ if ($this->_isRest()) {
+ return $this->RestResponse->viewData($attribute['Attribute']['data'], $this->response->type());
+ } else {
+ $extension = explode('.', $attribute['Attribute']['value']);
+ $extension = end($extension);
+ if (extension_loaded('gd')) {
+ $image = ImageCreateFromString(base64_decode($attribute['Attribute']['data']));
+ if (!$thumbnail) {
+ ob_start ();
+ switch ($extension) {
+ case 'gif':
+ imagegif($image);
+ break;
+ case 'jpg':
+ case 'jpeg':
+ imagejpeg($image);
+ break;
+ case 'png':
+ imagepng($image);
+ break;
+ default:
+ break;
+ }
+ $image_data = $extension != 'gif' ? ob_get_contents() : base64_decode($attribute['Attribute']['data']);
+ ob_end_clean ();
+ imagedestroy($image);
+ } else { // thumbnail requested, resample picture with desired dimension
+ $width = isset($this->request->params['named']['width']) ? $this->request->params['named']['width'] : 150;
+ $height = isset($this->request->params['named']['height']) ? $this->request->params['named']['height'] : 150;
+ if ($extension == 'gif') {
+ $image_data = base64_decode($attribute['Attribute']['data']);
+ } else {
+ $extension = 'jpg';
+ $imageTC = ImageCreateTrueColor($width, $height);
+ ImageCopyResampled($imageTC, $image, 0, 0, 0, 0, $width, $height, ImageSX($image), ImageSY($image));
+ ob_start ();
+ imagejpeg ($imageTC);
+ $image_data = ob_get_contents();
+ ob_end_clean ();
+ imagedestroy($image);
+ imagedestroy($imageTC);
+ }
+ }
+ } else {
+ $image_data = base64_decode($attribute['Attribute']['data']);
+ }
+ $this->response->type(strtolower(h($extension)));
+ $this->response->body($image_data);
+ $this->autoRender = false;
 }
 }
diff --git a/app/Controller/Component/ACLComponent.php b/app/Controller/Component/ACLComponent.php
index 1154761d9..f7a25ff46 100644
--- a/app/Controller/Component/ACLComponent.php
+++ b/app/Controller/Component/ACLComponent.php
@@ -68,6 +68,7 @@ class ACLComponent extends Component
 'toggleToIDS' => array('perm_add'),
 'updateAttributeValues' => array('perm_add'),
 'view' => array('*'),
+ 'viewPicture' => array('*'),
 ),
 'eventBlacklists' => array(
 'add' => array(),
diff --git a/app/Model/Event.php b/app/Model/Event.php
index 12536c5c0..1f5bbd432 100755
--- a/app/Model/Event.php
+++ b/app/Model/Event.php
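Review bot: In viewPicture (AttributesController.php) `$extension` is taken from the attachment's file name and passed to `$this->response->type()`, while the body can be the raw decoded attachment (the branch without gd and both gif branches), so a file whose name ends in a browser-renderable extension may be served inline under that content type; restrict `$extension` to gif/jpg/jpeg/png and answer NotFound otherwise. The thumbnail branch also hands the named `width`/`height` request parameters unbounded and uncast to `ImageCreateTrueColor()`, and the method's own `$width`/`$height` arguments are overwritten without being used, so any caller can ask for a very large allocation; cast and clamp them. `ImageCreateFromString()` returns false for data that is not a decodable image and that result is used unchecked by the output and destroy calls. The upper bound of 1000 in the sketch is a sample value, not a project setting.

```php
            $extension = end($extension);
            $extension = strtolower($extension);
            // Only serve types this action is meant to render; the name is user-supplied.
            if (!in_array($extension, array('gif', 'jpg', 'jpeg', 'png'), true)) {
                throw new NotFoundException(__('Invalid attribute'));
            }
            if (extension_loaded('gd')) {
                $image = ImageCreateFromString(base64_decode($attribute['Attribute']['data']));
                if ($image === false) {
                    throw new NotFoundException(__('Invalid attribute'));
                }
                // … unchanged: full-size re-encode branch …
                    $named = $this->request->params['named'];
                    $width = max(1, min(1000, isset($named['width']) ? (int)$named['width'] : 150));
                    $height = max(1, min(1000, isset($named['height']) ? (int)$named['height'] : 150));
                // … unchanged: resample and JPEG output …
            // … unchanged: non-gd fallback, response type and body …
```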
@@ -4811,10 +4811,15 @@ class Event extends AppModel
 if (!empty($object['data'])) {
 $object['image'] = $object['data'];
 } else {
- if ($object['objectType'] === 'proposal') {
- $object['image'] = $this->ShadowAttribute->base64EncodeAttachment($object);
+ if (extension_loaded('gd')) {
+ // if extention is loaded, the data is not passed to the view because it is asynchronously fetched
+ $object['image'] = true; // tell the view that it is an image despite not having the actual data
 } else {
- $object['image'] = $this->Attribute->base64EncodeAttachment($object);
+ if ($object['objectType'] === 'proposal') {
+ $object['image'] = $this->ShadowAttribute->base64EncodeAttachment($object);
+ } else {
+ $object['image'] = $this->Attribute->base64EncodeAttachment($object);
+ }
 }
 }
 }
diff --git a/app/Model/Server.php b/app/Model/Server.php
index 073b476cb..525770a35 100644
--- a/app/Model/Server.php
+++ b/app/Model/Server.php
@@ -4521,7 +4521,7 @@ class Server extends AppModel
 public function extensionDiagnostics()
 {
 $results = array();
- $extensions = array('redis');
+ $extensions = array('redis', 'gd');
 foreach ($extensions as $extension) {
 $results['web']['extensions'][$extension] = extension_loaded($extension);
 }
diff --git a/app/View/Elements/Events/View/value_field.ctp b/app/View/Elements/Events/View/value_field.ctp
index 40b746348..9b748d083 100644
--- a/app/View/Elements/Events/View/value_field.ctp
+++ b/app/View/Elements/Events/View/value_field.ctp
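Review bot: With gd loaded, `$object['image'] = true` in the Event.php hunk is set for proposals as well as attributes, whereas the fallback branch still distinguishes `ShadowAttribute` from `Attribute`. The viewPicture action added in this commit reads only from `Attribute`, so if the view builds the image URL from the object's id (that markup is not visible here), a proposal's id would be looked up in the attributes table and resolve to a different attribute's picture or to none. Consider keeping proposals on the inline path, e.g. `if (extension_loaded('gd') && $object['objectType'] !== 'proposal') {`. The enclosing function starts and ends outside the hunk.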
@@ -2,10 +2,16 @@ $sigDisplay = $object['value']; if ('attachment' == $object['type'] || 'malware-sample' == $object['type'] ) { if ($object['type'] == 'attachment' && isset($object['image'])) { - $extension = explode('.', $object['value']); - $extension = end($extension); - $uri = 'data:image/' . strtolower(h($extension)) . ';base64,' . h($object['image']); - echo ''; + if (extension_loaded('gd')) { + $img = ''; + $img .= ''; + echo $img; + } else { + $extension = explode('.', $object['value']); + $extension = end($extension); + $uri = 'data:image/' . strtolower(h($extension)) . ';base64,' . h($object['image']); + echo ''; + } } else { $filenameHash = explode('|', h($object['value'])); if (strrpos($filenameHash[0], '\\')) { diff --git a/app/View/Elements/healthElements/diagnostics.ctp b/app/View/Elements/healthElements/diagnostics.ctp index 36ea0c817..faf327967 100644 --- a/app/View/Elements/healthElements/diagnostics.ctp +++ b/app/View/Elements/healthElements/diagnostics.ctp @@ -170,7 +170,7 @@ if (isset($extensions[$context]['extensions'])): foreach ($extensions[$context]['extensions'] as $extension => $status): ?> - :… + :…
'; +function screenshotPopup(url, title) { + if (!url.startsWith('data:image/')) { + url = url.slice(0, -1); + } + popupHtml = '' + popupHtml += ''; popupHtml += '
'; + if (!url.startsWith('data:image/')) { + popupHtml += ''; + } + popupHtml += '
'; // see bottom of image for large one $('#screenshot_box').html(popupHtml); - $('#screenshot_box').show(); - left = ($(window).width() / 2) - ($('#screenshot-image').width() / 2); - $('#screenshot_box').css({'left': left + 'px'}); + $('#screenshot_box').css({ + display: 'block', + top: (document.documentElement.scrollTop + 100) + 'px' + }); $("#gray_out").fadeIn(); } diff --git a/docs/INSTALL.ubuntu1804.md b/docs/INSTALL.ubuntu1804.md index be25500c5..263baf411 100644 --- a/docs/INSTALL.ubuntu1804.md +++ b/docs/INSTALL.ubuntu1804.md @@ -107,7 +107,8 @@ installDepsPhp72 () { php-dev \ php-json php-xml php-mysql php-opcache php-readline php-mbstring \ php-pear \ - php-redis php-gnupg + php-redis php-gnupg \ + php-gd for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit do diff --git a/docs/archive/INSTALL.ubuntu1604.md b/docs/archive/INSTALL.ubuntu1604.md index f5c6e3692..6896d6ed6 100644 --- a/docs/archive/INSTALL.ubuntu1604.md +++ b/docs/archive/INSTALL.ubuntu1604.md @@ -103,7 +103,7 @@ sudo a2dissite 000-default sudo a2ensite default-ssl # Install PHP and dependencies -sudo apt-get install libapache2-mod-php php php-cli php-gnupg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml php-mbstring -y +sudo apt-get install libapache2-mod-php php php-cli php-gnupg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml php-mbstring php-gd -y # Apply all changes sudo systemctl restart apache2 diff --git a/docs/generic/supportFunctions.md b/docs/generic/supportFunctions.md index 504ccb2ec..d5983775d 100644 --- a/docs/generic/supportFunctions.md +++ b/docs/generic/supportFunctions.md @@ -420,7 +420,8 @@ installDepsPhp70 () { php-dev \ php-json php-xml php-mysql php-opcache php-readline php-mbstring \ php-pear \ - php-redis php-gnupg + php-redis php-gnupg \ + php-gd for key in upload_max_filesize post_max_size max_execution_time max_input_time memory_limit do 
@@ -443,7 +444,8 @@ installDepsPhp73 () { php7.3-dev \ php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php7.3-mbstring \ php-pear \ - php-redis php-gnupg + php-redis php-gnupg \ + php-gd } # diff --git a/docs/xINSTALL.OpenBSD.md b/docs/xINSTALL.OpenBSD.md index cefa63eb9..e39f865aa 100644 --- a/docs/xINSTALL.OpenBSD.md +++ b/docs/xINSTALL.OpenBSD.md @@ -259,7 +259,7 @@ doas pkg_add -v fcgi-cgi fcgi If on OpenBSD 6.3, upgrade to 6.4 to make your life much easier. ``` -doas pkg_add -v php-mysqli php-pcntl php-pdo_mysql php-apache pecl72-redis +doas pkg_add -v php-mysqli php-pcntl php-pdo_mysql php-apache pecl72-redis php-gd ``` #### /etc/php-7.2.ini diff --git a/docs/xINSTALL.centos7.md b/docs/xINSTALL.centos7.md index 4b02e6970..229ad892a 100644 --- a/docs/xINSTALL.centos7.md +++ b/docs/xINSTALL.centos7.md @@ -68,7 +68,7 @@ sudo yum install gcc git zip \ libxslt-devel zlib-devel ssdeep-devel -y # Install PHP 7.1 from SCL, see https://www.softwarecollections.org/en/scls/rhscl/rh-php71/ -sudo yum install rh-php71 rh-php71-php-fpm rh-php71-php-devel rh-php71-php-mysqlnd rh-php71-php-mbstring rh-php71-php-xml rh-php71-php-bcmath rh-php71-php-opcache -y +sudo yum install rh-php71 rh-php71-php-fpm rh-php71-php-devel rh-php71-php-mysqlnd rh-php71-php-mbstring rh-php71-php-xml rh-php71-php-bcmath rh-php71-php-opcache rh-php71-php-gd -y # Install Python 3.6 from SCL, see # https://www.softwarecollections.org/en/scls/rhscl/rh-python36/ diff --git a/docs/xINSTALL.debian9.md b/docs/xINSTALL.debian9.md index a113212af..fcab3ed21 100644 --- a/docs/xINSTALL.debian9.md +++ b/docs/xINSTALL.debian9.md 
@@ -77,7 +77,7 @@ libxml2-dev libxslt1-dev zlib1g-dev #sudo /etc/init.d/redis-server restart -sudo apt install -y libapache2-mod-php7.0 php7.0 php7.0-cli php7.0-mbstring php7.0-dev php7.0-json php7.0-xml php7.0-mysql php7.0-opcache php7.0-readline php-redis php-gnupg +sudo apt install -y libapache2-mod-php7.0 php7.0 php7.0-cli php7.0-mbstring php7.0-dev php7.0-json php7.0-xml php7.0-mysql php7.0-opcache php7.0-readline php-redis php-gnupg php-gd sudo apt install -y \ mariadb-client \ diff --git a/docs/xINSTALL.debian_testing.md b/docs/xINSTALL.debian_testing.md index af66308cf..a10c5dc0c 100644 --- a/docs/xINSTALL.debian_testing.md +++ b/docs/xINSTALL.debian_testing.md @@ -61,7 +61,7 @@ python3-setuptools python3-dev python3-pip python3-redis python3-zmq virtualenv mariadb-client \ mariadb-server \ apache2 apache2-doc apache2-utils \ -libapache2-mod-php7.3 php7.3 php7.3-cli php7.3-mbstring php7.3-dev php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php-redis php-gnupg \ +libapache2-mod-php7.3 php7.3 php7.3-cli php7.3-mbstring php7.3-dev php7.3-json php7.3-xml php7.3-mysql php7.3-opcache php7.3-readline php-redis php-gnupg php-gd \ libpq5 libjpeg-dev libfuzzy-dev ruby asciidoctor \ jq ntp ntpdate jupyter-notebook imagemagick tesseract-ocr \ libxml2-dev libxslt1-dev zlib1g-dev diff --git a/docs/xINSTALL.ubuntu1804.with.webmin.md b/docs/xINSTALL.ubuntu1804.with.webmin.md index 48c415fd8..3093fe2c2 100644 --- a/docs/xINSTALL.ubuntu1804.with.webmin.md +++ b/docs/xINSTALL.ubuntu1804.with.webmin.md 
@@ -141,7 +141,7 @@ Also make sure the variable ${VIRT_USER} is set to the user you created when you #### Install PHP and dependencies ```bash -sudo apt-get install libapache2-mod-php php php-cli php-gnupg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml php-mbstring -y +sudo apt-get install libapache2-mod-php php php-cli php-gnupg php-dev php-json php-mysql php-opcache php-readline php-redis php-xml php-mbstring php-gd -y ``` # Apply all changes