Hello!

File type detection is performed primarily with file type magic (FTM) 
signatures loaded from daily.cvd.  If you unpack daily.cvd, you’ll find them in 
daily.ftm.  The signature format is documented here: 
https://www.clamav.net/documents/file-type-magic
By adjusting these signatures, we disabled detecting PNG files as “CL_TYPE_PNG” 
for 0.103.0 and prior, instead detecting PNG files as “CL_TYPE_GRAPHICS” as it 
had been before.

If you look at daily.ftm now, the PNG related signatures are:
0:0:89504e47:PNG:CL_TYPE_ANY:CL_TYPE_GRAPHICS::121
0:0:89504e47:PNG:CL_TYPE_ANY:CL_TYPE_PNG:122

For 0.103.1+, PNG files will detect as CL_TYPE_PNG which will enable the 
(fixed) PNG parser.  Because we’re able to effectively mitigate the issue by 
disabling PNG file type detection, which wasn’t working correctly in other ways 
from an efficacy standpoint due to other bugs anyways, we didn’t request a CVE 
or publish an advisory.

-Micah


From: clamav-users <clamav-users-boun...@lists.clamav.net> On Behalf Of Pierre 
Olivier KAPLAN
Sent: Wednesday, March 3, 2021 5:12 AM
To: clamav-users@lists.clamav.net
Subject: [clamav-users] Question regarding the 0.103.1 PNG bug fix

Hello,


I have two question regarding the 0.103.1 Releases Notes.
In the bug fixes is mentionned an issue with some PNG parsing file causing a 
stack exhaustion. With isn't this categorized as a vulnerability, as it allows 
DoS attacks ?

It is also mentionned that a signature exists to avoid the parsing. But I 
couldn't find it in the database. Do you know which one we shall use ?

Thanks in advance for your help
_______________________________________________

clamav-users mailing list
clamav-users@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-users


Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml

Reply via email to