CVE request: clamav get_unicode_name() off-by-one buffer overflow

[Thomas Biege <thomas () suse de>]

Hello,
AFAIK no CVE-ID was assigned for the following issue yet.

-----------------------------------------------------------------
ClamAV get_unicode_name() off-by-one buffer overflow

Copyright (c) 2008 Moritz Jodeit <moritz () jodeit org> (2008/11/08)
-----------------------------------------------------------------

Application details:

        From http://www.clamav.net/:

        "Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX,
        designed especially for e-mail scanning on mail gateways. It provides
        a number of utilities including a flexible and scalable multi-threaded
        daemon, a command line scanner and advanced tool for automatic
        database updates. The core of the package is an anti-virus engine
        available in a form of shared library."

Vulnerability description:

        ClamAV contains an off-by-one heap overflow vulnerability in the
        code responsible for parsing VBA project files. Successful
        exploitation could allow an attacker to execute arbitrary code with
        the privileges of the `clamd' process by sending an email with a
        prepared attachment.

        The vulnerability occurs inside the get_unicode_name() function
        in libclamav/vba_extract.c when a specific `name' buffer is passed
        to it.
...



-- 
Bye,
     Thomas
-- 
 Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing
 SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
-- 
           Hamming's Motto:
           The purpose of computing is insight, not numbers.
                                -- Richard W. Hamming