oss-sec mailing list archives

CVE request: heap buffer overflow in ClamAV


From: Damien Millescamps <Damien.Millescamps () oppida fr>
Date: Fri, 21 Nov 2014 11:04:10 +0000

Hi,

A heap buffer overflow was reported in [1] in ClamAV when scanning a specially crafted y0da Crypter obfuscated PE file.
Note that this is remotely exploitable when ClamAV is used as a mail gateway scanner.

Upstream fix is available here: [2].
ClamAV 0.98.5 contains the above fix.

Additional references:
[1] https://bugzilla.clamav.net/show_bug.cgi?id=11155
[2] https://github.com/vrtadmin/clamav-devel/commit/fc3794a54d2affe5770c1f876484a871c783e91e

Can a CVE be assigned to this, please?

Thanks,
--
Damien Millescamps | Oppida

