Author Topic: Vulnerability?  (Read 2584 times)

hakelm

  • Full Member
  • ***
  • Posts: 153
Vulnerability?
« on: October 14, 2021, 10:33:54 am »
Running clamscan on an Ubuntu 16.04 I get:

/home/he/fpc/lazarus/.svn/pristine/c9/c9cb90a5ff85b6e1e0f58797eeffebf6dc1a091f.svn-base: Heuristics.PNG.CVE-2010-1205 FOUND
/home/he/fpc/lazarus/.svn/pristine/7e/7ec1a77c72d842fe6ceace20b36ef80649260095.svn-base: Heuristics.PNG.CVE-2010-1205 FOUND
/home/he/fpc/lazarus/.svn/pristine/36/36bbf6906e461e5115d72c8a44bb37ea39543f56.svn-base: Heuristics.PNG.CVE-2010-1205 FOUND
/home/he/fpc/lazarus/test/manual/png/testsuite/xc9n2c08.png: Heuristics.PNG.CVE-2010-1205 FOUND
/home/he/fpc/lazarus/test/manual/png/testsuite/xd0n2c08.png: Heuristics.PNG.CVE-2010-1205 FOUND
/home/he/fpc/lazarus/test/manual/png/testsuite/xd3n2c08.png: Heuristics.PNG.CVE-2010-1205 FOUND

Does anyone know if this is a real threat or just a guess by clamscan?

Thanks in advance
H


Warfley

  • Hero Member
  • *****
  • Posts: 1499
Re: Vulnerability?
« Reply #1 on: October 14, 2021, 02:56:01 pm »
Upload some files to virustotal.com and get a second opinion?

Usually they are false positives, especially when the found problems are vague (like "heuristic" or "gen(eric)")

This is not a virus detection but a vulnerability.

@Thread
CVE-2010-1205 is a vulnerability tracked by MITRE as "Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row."

So the vulnerability is in libpng. Lazarus uses this lib, but I think it is linked dynamically, not statically, so this indicates to me that you simply have a vulnerable libpng version on your device, i.e. installed through your package manager.
Probably due to the fact that you are using an ancient Ubuntu version (5 years old). As this vulnerability is more than 10 years old, this shouldn't happen on newer versions.
« Last Edit: October 14, 2021, 02:58:15 pm by Warfley »

marcov

  • Administrator
  • Hero Member
  • *
  • Posts: 11458
  • FPC developer.
Re: Vulnerability?
« Reply #2 on: October 14, 2021, 03:23:09 pm »
It might also simply be that the png has some segment that is large enough to overflow the buffer, and the antivirus considers that a possible exploit.
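Added example, not part of any post in this thread and not ClamAV's own heuristic: a Python sketch of the check that the quoted CVE text ("an additional data row") and the last reply point at, comparing the scanline data a non-interlaced PNG carries in IDAT with the rows its IHDR declares. The function names, result labels and the `make_png` sample builder are assumptions made for illustration.

```python
import struct
import zlib

PNG_SIG = b"\x89PNG\r\n\x1a\n"
CHANNELS = {0: 1, 2: 3, 3: 1, 4: 2, 6: 4}  # samples per pixel by colour type

def chunks(data):
    """Yield (type, body) for each chunk; CRCs are not verified."""
    if not data.startswith(PNG_SIG):
        raise ValueError("not a PNG file")
    pos = len(PNG_SIG)
    while pos + 8 <= len(data):
        length, ctype = struct.unpack(">I4s", data[pos:pos + 8])
        yield ctype, data[pos + 8:pos + 8 + length]
        pos += 12 + length  # length, type, body, CRC

def check_rows(data, limit=1 << 26):
    """Compare the decompressed IDAT size with what IHDR declares."""
    ihdr, idat = None, b""
    for ctype, body in chunks(data):
        if ctype == b"IHDR":
            ihdr = body
        elif ctype == b"IDAT":
            idat += body
    if ihdr is None or len(ihdr) != 13:
        return "bad-header"
    width, height, depth, colour, _, _, interlace = struct.unpack(">IIBBBBB", ihdr)
    if colour not in CHANNELS or depth not in (1, 2, 4, 8, 16) or 0 in (width, height):
        return "bad-header"
    if interlace != 0:
        return "unsupported"  # Adam7 row arithmetic is left out of this sketch
    expected = height * ((width * CHANNELS[colour] * depth + 7) // 8 + 1)  # +1: filter byte
    if expected > limit:
        return "too-large"
    try:  # cap output at expected + 1 bytes so oversized streams are not inflated in full
        out = zlib.decompressobj().decompress(idat, expected + 1)
    except zlib.error:
        return "bad-stream"
    if len(out) > expected:
        return "extra-data"
    return "ok" if len(out) == expected else "short-data"

def make_png(width, height, rows):
    """Constructed sample: 8-bit greyscale PNG whose IDAT carries `rows` scanlines."""
    def chunk(kind, body):
        return struct.pack(">I", len(body)) + kind + body + struct.pack(">I", zlib.crc32(kind + body))
    ihdr = struct.pack(">IIBBBBB", width, height, 8, 0, 0, 0, 0)
    raw = (b"\x00" + b"\x80" * width) * rows
    return PNG_SIG + chunk(b"IHDR", ihdr) + chunk(b"IDAT", zlib.compress(raw)) + chunk(b"IEND", b"")
```

A file whose IHDR has an invalid colour type or bit depth is reported as `bad-header` and is not measured; the result only describes the file, not whether the libpng that will decode it is patched.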
