Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 685722 - ClamAV gdk-pixbuf-2.38.1.tar.xz: BC.Gif.Exploit.Agent-1425366.Agent FOUND
Summary: ClamAV gdk-pixbuf-2.38.1.tar.xz: BC.Gif.Exploit.Agent-1425366.Agent FOUND
Status: RESOLVED CANTFIX
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal normal (vote)
Assignee: Gentoo Security
URL: http://distfiles.gentoo.org/distfiles...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-05-12 12:02 UTC by Fedja Beader
Modified: 2019-05-12 13:53 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Fedja Beader 2019-05-12 12:02:45 UTC
Came up during world update.

Reproducible: Always
Comment 1 Jeroen Roovers gentoo-dev 2019-05-12 13:34:57 UTC
# clamdscan gdk-pixbuf-2.38.1.tar.xz
gdk-pixbuf-2.38.1.tar.xz: BC.Gif.Exploit.Agent-1425366.Agent FOUND

----------- SCAN SUMMARY -----------
Infected files: 1
Time: 125.656 sec (2 m 5 s)
Comment 2 Thomas Deutschmann gentoo-dev Security 2019-05-12 13:53:41 UTC
I can confirm the report,

> gdk-pixbuf-2.38.1.tar.xz: BC.Gif.Exploit.Agent-1425366.Agent FOUND
> gdk-pixbuf-2.38.1.tar.xz!POSIX_TAR:gdk-pixbuf-2.38.1/tests/bug775693.pixdata!...!(5)POSIX_TAR:gdk-pixbuf-2.38.1/tests/test-images/gif-test-suite/max-width.gif: BC.Gif.Exploit.Agent-1425366.Agent FOUND
> 
> ----------- SCAN SUMMARY -----------
> Known viruses: 6125485
> Engine version: 0.101.2
> Scanned directories: 0
> Scanned files: 1
> Infected files: 1
> Data scanned: 22.48 MB
> Data read: 5.25 MB (ratio 4.28:1)
> Time: 63.945 sec (1 m 3 s)

but there's nothing we can do about it:

Upstream has added a test case for https://bugzilla.gnome.org/show_bug.cgi?id=775693. However, the test could also be used as exploit, that's why clamav is detecting that file.

Because there's a valid reason for ClamAV to detect that code and there's a valid reason for gdk-pixbuf upstream to carry such a test, we cannot do anything.