oss-sec mailing list archives
Re: CVE request: clamav < 0.96.3 pdf bounds checking
From: Ludwig Nussel <ludwig.nussel () suse de>
Date: Tue, 28 Sep 2010 11:17:56 +0200
Hanno Böck wrote:
As always, clamav doesn't mention security issues in it's release notes, but the changelog gives some insight. The bundled bzip2 code is affected by CVE-2010-0405 which is no surprise. This however sounds more interesting: Mon Sep 20 14:50:34 EEST 2010 (edwin) ------------------------------------- * libclamav/pdf.c: Add missing boundscheck to pdf code (bb #2226) The referenced bug report is not public, but it sounds like this deserves a CVE.
Must be this commit: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=dc5143b4669ae39c79c9af50d569c28c798f33da If bytesleft2 is negative the next memchr would likely cause a crash. Previous commits in that file also improve bounds checks. cu Ludwig -- (o_ Ludwig Nussel //\ V_/_ http://www.suse.de/ SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
Current thread:
- CVE request: clamav < 0.96.3 pdf bounds checking Hanno Böck (Sep 22)
- Re: CVE request: clamav < 0.96.3 pdf bounds checking Josh Bressers (Sep 27)
- Re: CVE request: clamav < 0.96.3 pdf bounds checking Ludwig Nussel (Sep 28)
- Re: CVE request: clamav < 0.96.3 pdf bounds checking Ludwig Nussel (Sep 28)
- Re: CVE request: clamav < 0.96.3 pdf bounds checking Josh Bressers (Sep 27)