Mandriva Linux Security Advisory - An integer overflow vulnerability was reported by iDefense with clamav when parsing Portable Executable (PE) files packed in he MEW format. This could be exploited to cause a heap-based buffer overflow. Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP compressed CAB files. As well, an unspecified vulnerability related to the bzip2 decompression algorithm was also discovered.
37b9a19cb61c4a301b58ab8777a496aecba98b36f31673396fda65b345441908
Gentoo Linux Security Advisory GLSA 200712-20 - iDefense reported an integer overflow vulnerability in the cli_scanpe() function when parsing Portable Executable (PE) files packed in the MEW format, that could be exploited to cause a heap-based buffer overflow (CVE-2007-6335). Toeroek Edwin reported an off-by-one error when decompressing MS-ZIP compressed CAB files (CVE-2007-6336). An unspecified vulnerability related to the bzip2 decompression algorithm has also been discovered (CVE-2007-6337). Versions less than 0.91.2-r1 are affected.
e3b7501c28f682a4dae876bbf5d70640402854f24b4eafc3f39148e015a7fbba
Debian Security Advisory 1435-1 - Several remote vulnerabilities have been discovered in the Clam anti-virus toolkit. It was discovered that an integer overflow in the decompression code for MEW archives may lead to the execution of arbitrary code. It was discovered that on off-by-one in the MS-ZIP decompression code may lead to the execution of arbitrary code.
ea12bfb463bbc6e401eff39774a965c72afcf5c7fc89d285cf70cd1baa962a0b