For anyone experiencing this issue, I have ‘solved’ it by using the following:
Class:
import {DomSanitizationService} from '@angular/platform-browser';
constructor(private _DomSanitizationService: DomSanitizationService) {}
Template:
<img [src]="_DomSanitizationService.bypassSecurityTrustUrl(imgSrcProperty)"/>
Where imgSrcProperty is the offending image base64 encoded.
I still think this is a bug!