oss-sec mailing list archives
Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details?
From: Felix Gröbert <groebert () google com>
Date: Sat, 27 Apr 2013 15:49:09 -0700
Hi, sorry for the delayed response, I'm OOO. The bugs should be public now: https://bugzilla.clamav.net/show_bug.cgi?id=7055 heap corruption, potentially exploitable. https://bugzilla.clamav.net/show_bug.cgi?id=7053 overflow due to PDF key length computation. Potentially exploitable. https://bugzilla.clamav.net/show_bug.cgi?id=7054 NULL pointer dereference in sis parsing. When building clamav I recommend disabling legacy or unneeded features (e.g. sis). I guess that's common sense though. Cheers Felix
Current thread:
- Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Jan Lieskovsky (Apr 24)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Henri Salo (Apr 24)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried (Apr 24)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Felix Gröbert (Apr 27)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried (Apr 29)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Salvatore Bonaccorso (Apr 29)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried (Apr 29)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Kurt Seifried (Apr 24)
- Re: Multiple potential security issues fixed in ClamAV 0.97.8 - any further details? Henri Salo (Apr 24)