Browse code
PNG: Move PNG heuristic behind broken-media option
The condition triggering Heuristics.PNG.CVE-2010-1205 is more common
than expected. Considering this type of malformed PNG is somewhat common
and the CVE is more than 10 years old, it is reasonable to place this
detection behind the --alert-broken-media (SCAN_HEURISTIC_BROKEN_MEDIA)
option.
Micah Snyder authored on 2021/05/28 10:44:43Showing 1 changed files
| ... | ... |
@@ -357,7 +357,7 @@ cl_error_t cli_parsepng(cli_ctx *ctx) |
| 357 | 357 |
zstrm_initialized = false; |
| 358 | 358 |
idat_state = PNG_IDAT_DECOMPRESSION_COMPLETE; |
| 359 | 359 |
|
| 360 |
- if (decompressed_data_len > image_size) {
|
|
| 360 |
+ if ((decompressed_data_len > image_size) && (SCAN_HEURISTIC_BROKEN_MEDIA)) {
|
|
| 361 | 361 |
status = cli_append_virus(ctx, "Heuristics.PNG.CVE-2010-1205"); |
| 362 | 362 |
goto done; |
| 363 | 363 |
} |