thr3ads.net - Secure testing team - [Secure-testing-team] Bug#505134: clamav: ClamAV get_unicode_name() off-by-one buffer overflow [Nov 2008]

If this information is useful, please help other people find it:
Share via:

Twitter
Facebook
Email

Stefan Fritsch

2008-Nov-09 18:54 UTC

[Secure-testing-team] Bug#505134: clamav: ClamAV get_unicode_name() off-by-one buffer overflow

Package: clamav
Version: 0.90.1-1
Severity: grave
Tags: security
Justification: user security hole

A vulnerability has been reported for clamav. There does not seem to be a CVE id
yet.  From http://seclists.org/bugtraq/2008/Nov/0070.html: 

ClamAV contains an off-by-one heap overflow vulnerability in the
code responsible for parsing VBA project files. Successful
exploitation could allow an attacker to execute arbitrary code with
the privileges of the `clamd'' process by sending an email with a
prepared attachment.

Vulnerable packages: 
 
All versions up to 0.94 are vulnerable. 
Version 0.94.1 fixes the problem.

Secure testing team - Nov 2008 - Bug#505134: clamav: ClamAV get_unicode_name() off-by-one buffer overflow

[Secure-testing-team] Bug#505134: clamav: ClamAV get_unicode_name() off-by-one buffer overflow