Mailing List Archive

[clamav-users] Question regarding the 0.103.1 PNG bug fix
Hello,


I have two questions regarding the 0.103.1 Release Notes.
In the bug fixes, an issue is mentioned with some PNG file parsing causing a stack exhaustion. Why isn't this categorized as a vulnerability, as it allows DoS attacks?

It is also mentioned that a signature exists to avoid the parsing. But I couldn't find it in the database. Do you know which one we shall use?

Thanks in advance for your help
Re: [clamav-users] Question regarding the 0.103.1 PNG bug fix
Hello!

File type detection is performed primarily with file type magic (FTM) signatures loaded from daily.cvd. If you unpack daily.cvd, you’ll find them in daily.ftm. The signature format is documented here: https://www.clamav.net/documents/file-type-magic
By adjusting these signatures, we disabled detecting PNG files as “CL_TYPE_PNG” for 0.103.0 and prior, instead detecting PNG files as “CL_TYPE_GRAPHICS” as it had been before.

If you look at daily.ftm now, the PNG related signatures are:
0:0:89504e47:PNG:CL_TYPE_ANY:CL_TYPE_GRAPHICS::121
0:0:89504e47:PNG:CL_TYPE_ANY:CL_TYPE_PNG:122

For 0.103.1+, PNG files will detect as CL_TYPE_PNG which will enable the (fixed) PNG parser. Because we’re able to effectively mitigate the issue by disabling PNG file type detection, which wasn’t working correctly in other ways from an efficacy standpoint due to other bugs anyways, we didn’t request a CVE or publish an advisory.

-Micah


From: clamav-users <clamav-users-bounces@lists.clamav.net> On Behalf Of Pierre Olivier KAPLAN
Sent: Wednesday, March 3, 2021 5:12 AM
To: clamav-users@lists.clamav.net
Subject: [clamav-users] Question regarding the 0.103.1 PNG bug fix

Hello,


I have two questions regarding the 0.103.1 Release Notes.
In the bug fixes, an issue is mentioned with some PNG file parsing causing a stack exhaustion. Why isn't this categorized as a vulnerability, as it allows DoS attacks?

It is also mentioned that a signature exists to avoid the parsing. But I couldn't find it in the database. Do you know which one we shall use?

Thanks in advance for your help
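
The functionality-level gating described in the reply above can be checked with a short script. This is an added example, not part of the thread and not ClamAV code. It assumes the field order magictype:offset:magicbytes:name:rtype:type[:min_flevel[:max_flevel]] from the linked FTM documentation, handles only magictype 0 (direct byte comparison), uses a simplified first-match rule, and takes levels 121 and 122 from the two quoted signatures as the boundary between 0.103.0 and 0.103.1.

```python
from dataclasses import dataclass
from typing import Optional

# The two PNG entries quoted in the reply above (from daily.ftm).
PNG_FTM = """\
0:0:89504e47:PNG:CL_TYPE_ANY:CL_TYPE_GRAPHICS::121
0:0:89504e47:PNG:CL_TYPE_ANY:CL_TYPE_PNG:122
"""

@dataclass
class FtmSig:
    magictype: int
    offset: int
    magic: bytes
    name: str
    rtype: str
    ftype: str
    min_flevel: Optional[int]
    max_flevel: Optional[int]

def parse_ftm(text):
    """Parse magictype-0 FTM lines; other magic types are skipped here."""
    sigs = []
    for line in text.splitlines():
        f = line.strip().split(":")
        if len(f) < 6 or f[0] != "0":
            continue
        # Optional trailing fields: min_flevel, max_flevel (empty = unbounded).
        lv = [int(x) if x else None for x in (f[6:8] + ["", ""])[:2]]
        sigs.append(FtmSig(0, int(f[1]), bytes.fromhex(f[2]), f[3], f[4], f[5], *lv))
    return sigs

def detect_type(data, sigs, flevel):
    """Return the type of the first signature that matches and applies at flevel."""
    for s in sigs:
        if s.min_flevel is not None and flevel < s.min_flevel:
            continue
        if s.max_flevel is not None and flevel > s.max_flevel:
            continue
        if data[s.offset:s.offset + len(s.magic)] == s.magic:
            return s.ftype
    return None

# Constructed sample: the 8-byte PNG file signature followed by padding.
SAMPLE_PNG = bytes.fromhex("89504e470d0a1a0a") + b"\x00" * 8

if __name__ == "__main__":
    for level in (121, 122):
        print(level, detect_type(SAMPLE_PNG, parse_ftm(PNG_FTM), level))
```

Running the same check against an unpacked daily.ftm shows which file type, and therefore which parser, a given engine level will select for PNG input.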