Mandriva Linux Security Advisory - iDefense discovered a stack-based overflow in ClamAV when processing negative values in .cab files. As well, multiple file descriptor leaks were also reported and fixed in chmunpack.c, pdf.c, and dblock.c.
f779297792f061a11dc7ac1e1518200bcda326bb25d5bdc314f18267458a8b86Debian Security Advisory 1281-1 - Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit.
a38856b0a907ccadaf909ee556571f3e4f9135fa58530ccb485635894387737cGentoo Linux Security Advisory GLSA 200704-21 - iDefense Labs have reported a stack-based buffer overflow in the cab_unstore() function when processing negative values in .cab files. Multiple file descriptor leaks have also been reported in chmunpack.c, pdf.c and dblock.c when processing .chm files. Versions less than 0.90.2 are affected.
6c17169458553639ef56790ddc6bbd90f5c43c348594a708efbe65a448211898iDefense Security Advisory 04.16.07 - Remote exploitation of a buffer overflow vulnerability in Clam AntiVirus' ClamAV allows attackers to execute arbitrary code with the privileges of the affected process. The vulnerability exists within the cab_unstore() function in libclamav, the library used by clamd to scan various file types. A 32-bit signed integer is taken from the packet and compared against the sizeof() the destination buffer. However, the sizeof() return value is improperly casted to a signed integer. By supplying a negative value, an attacker can pass cause the comparison to succeed. This eventually leads to an exploitable stack-based buffer overflow. iDefense has confirmed the existence of this vulnerability in ClamAV in versions 0.90rc3 through 0.90.1.
a0e03ca2f3785c29263dffc681e45f0d4c2adfe3bada8fefa43b8334247040c6
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed