oss-sec mailing list archives
CVE request: clamav get_unicode_name() off-by-one buffer overflow
From: Thomas Biege <thomas () suse de>
Date: Thu, 13 Nov 2008 10:06:17 +0100
Hello,

AFAIK no CVE-ID was assigned for the following issue yet.

-----------------------------------------------------------------
ClamAV get_unicode_name() off-by-one buffer overflow

Copyright (c) 2008 Moritz Jodeit <moritz () jodeit org> (2008/11/08)
-----------------------------------------------------------------

Application details:

From http://www.clamav.net/:

"Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways. It provides a number of utilities including a flexible and scalable multi-threaded daemon, a command line scanner and advanced tool for automatic database updates. The core of the package is an anti-virus engine available in a form of shared library."

Vulnerability description:

ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the `clamd' process by sending an email with a prepared attachment.

The vulnerability occurs inside the get_unicode_name() function in libclamav/vba_extract.c when a specific `name' buffer is passed to it.

...

--
Bye,
Thomas
--
Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
Hamming's Motto:
The purpose of computing is insight, not numbers.
-- Richard W. Hamming