oss-sec mailing list archives

Re: CVE request: clamav < 0.96.3 pdf bounds checking


From: Josh Bressers <bressers () redhat com>
Date: Mon, 27 Sep 2010 15:47:47 -0400 (EDT)

Use CVE-2010-3434

If someone has more information or an upstream contact, it would be much appreciated.

Thanks.

-- 
    JB


----- "Hanno Böck" <hanno () hboeck de> wrote:

As always, clamav doesn't mention security issues in its release notes, but
the changelog gives some insight.

The bundled bzip2 code is affected by CVE-2010-0405 which is no surprise.

This however sounds more interesting:
Mon Sep 20 14:50:34 EEST 2010 (edwin)
-------------------------------------
 * libclamav/pdf.c: Add missing boundscheck to pdf code (bb #2226)

The referenced bug report is not public, but it sounds like this deserves a
CVE.

-- 
Hanno Böck                Blog:                http://www.hboeck.de/
GPG: 3DBD3B20                Jabber/Mail:        hanno () hboeck de

http://schokokeks.org - professional webhosting

