Recent

Author Topic: Vulnerability?  (Read 1905 times)

hakelm

  • Full Member
  • ***
  • Posts: 130
Vulnerability?
« on: October 14, 2021, 10:33:54 am »
Running clamscan on an Ubuntu 16.04 I get:

/home/he/fpc/lazarus/.svn/pristine/c9/c9cb90a5ff85b6e1e0f58797eeffebf6dc1a091f.svn-base: Heuristics.PNG.CVE-2010-1205 FOUND
/home/he/fpc/lazarus/.svn/pristine/7e/7ec1a77c72d842fe6ceace20b36ef80649260095.svn-base: Heuristics.PNG.CVE-2010-1205 FOUND
/home/he/fpc/lazarus/.svn/pristine/36/36bbf6906e461e5115d72c8a44bb37ea39543f56.svn-base: Heuristics.PNG.CVE-2010-1205 FOUND
/home/he/fpc/lazarus/test/manual/png/testsuite/xc9n2c08.png: Heuristics.PNG.CVE-2010-1205 FOUND
/home/he/fpc/lazarus/test/manual/png/testsuite/xd0n2c08.png: Heuristics.PNG.CVE-2010-1205 FOUND
/home/he/fpc/lazarus/test/manual/png/testsuite/xd3n2c08.png: Heuristics.PNG.CVE-2010-1205 FOUND

Does anyone know if this a real threat or just a  guess by clamscan?

Thanks in advance
H


Warfley

  • Hero Member
  • *****
  • Posts: 608
Re: Vulnerability?
« Reply #1 on: October 14, 2021, 02:56:01 pm »
upload some files to virustotal.com and get some second opinion?

Usually they are false positives, specially when the found problems are vague (like "heuristic" or "gen(eric)")

This is not a virus detection but a vulnerability.

@Thread
CVE-2010-1205 is a vulnerability tracked by mitre as "Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row."

So the vulnerability is in libpng. Lazarus uses this lib but I think it is linked dynamically, not statically so this indicates to me that you simply have a vulnerable libpng version on your device, i.e. installed through your package manager.
Probably due to the fact that you are using an ancient Ubuntu version (5 years old), as this vulnerability is more than 10 years old this shouldn't happen on newer versions.
« Last Edit: October 14, 2021, 02:58:15 pm by Warfley »

marcov

  • Administrator
  • Hero Member
  • *
  • Posts: 9701
  • FPC developer.
Re: Vulnerability?
« Reply #2 on: October 14, 2021, 03:23:09 pm »
It might also simply be that the png has some segment that is large enough to overflow the buffer, and the avirus considers that a possible exploit.

 

TinyPortal © 2005-2018