Author Topic: Defending Libpng Applications Against Decompression Bombs  (Read 2074 times)

0 Members and 1 Guest are viewing this topic.

Offline adoria0000

  • Newbie
  • *
  • Posts: 18
Defending Libpng Applications Against Decompression Bombs
« on: March 04, 2010, 01:56:32 PM »
About the following things, is avast!5 affected?

Security Advisory for libpng-1.4.0 and earlier, 27 February 2010
http://libpng.sourceforge.net/ADVISORY-1.4.1.html

Defending Libpng Applications Against Decompression Bombs
http://libpng.sourceforge.net/decompression_bombs.html

Offline adoria0000

  • Newbie
  • *
  • Posts: 18
Re: Defending Libpng Applications Against Decompression Bombs
« Reply #1 on: March 05, 2010, 03:27:36 PM »
bump

Offline pfcpremosgirl

  • Newbie
  • *
  • Posts: 1
Re: Defending Libpng Applications Against Decompression Bombs
« Reply #2 on: March 15, 2010, 01:17:45 AM »
This is the first time I have gotten a "decompression bomb" result in my avast scan. There are two unable to scan:decompression files, and one that came up unable to scan: reached the end of file. The files are as follows: Starcraft+BroodWar+UpdatePatch1.151+CD Key/StarCraftBroodWar.iso\INSTALL.EXE. All three files are related to StarCraft BroodWar. I am imagining this is some type of game? My husband may have downloaded this before he deployed. Should I just leave this be? Move it? It won't let me put it into the chest. Would just having these game files on the computer slow it down? Please advise! Thank you!

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67249
Re: Defending Libpng Applications Against Decompression Bombs
« Reply #3 on: March 15, 2010, 02:55:58 AM »
Decompression bomb is a file that may be rather small, but decompresses to an enormous amount of data (when processed as a packed archive). Such file are not malicious per se, but they may block an antivirus program when it tries to scan them.
This kind of files is rather hard to detect (and avoid) precisely - so, it is possible that there are some false alarms. It's not a big problem in this case, however - the "decompression bomb" announcement actually means something like "The file has a very high, maybe even suspicious, compression ratio and the AV is not going to scan the archive content".

I'd suggest to ignore these files.
The best things in life are free.