#43315: glib2 @2.40.0 big_chunk_size.png reported as PNG:CVE-2013-1331 [Expl] by Avast.
-----------------------------+--------------------------
  Reporter:  einarjohants@…  |      Owner:  ryandesign@…
      Type:  defect          |     Status:  new
  Priority:  Normal          |  Milestone:
 Component:  ports           |    Version:  2.2.1
Resolution:                  |   Keywords:
      Port:  glib2           |
-----------------------------+--------------------------

Comment (by sean@…):

 Note that this is not malware, but a purposefully malformed PNG to test
 verification code in the GIO package of GLib. See
 [https://mail.gnome.org/archives/commits-list/2013-October/msg08162.html this page]
 for some details. I have the same issue with Symantec not liking that file
 in a clone of the GLib repository.

 The problem is that such malformed PNGs had been used to exploit bugs in
 MS Office (as indicated by the
 [http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1331 referenced CVE]).
 However, the one included with GLib has no real data in it.

 Agree that it should be escalated up to the GLib developers.

--
Ticket URL: <https://trac.macports.org/ticket/43315#comment:2>
MacPorts <http://www.macports.org/>
Ports system for OS X