TITLE:
ClamAV CHM Processing Denial of Service

SECUNIA ADVISORY ID:
SA31725

VERIFY ADVISORY:
http://secunia.com/advisories/31725/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
From remote

SOFTWARE:
Clam AntiVirus (clamav) 0.x
http://secunia.com/product/2538/

DESCRIPTION:
A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused by an error in libclamav/chmunpack.c when processing malformed CHM files. This can be exploited to cause an invalid memory access via a specially crafted CHM file.

The vulnerability is reported in versions prior to 0.94. Other versions may also be affected.

Note: Various other issues, some of which may be security related, were also fixed.

SOLUTION:
Update to version 0.94.

PROVIDED AND/OR DISCOVERED BY:
Hanno Böck

ORIGINAL ADVISORY:
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089