oss-sec mailing list archives
CVE request: heap buffer overflow in ClamAV
From: Damien Millescamps <Damien.Millescamps () oppida fr>
Date: Fri, 21 Nov 2014 11:04:10 +0000
Hi, A heap buffer overflow was reported in [1] in ClamAV when scanning a specially crafted y0da Crypter obfuscated PE file. Note that this is remotely exploitable when ClamAV is used as a mail gateway scanner. Upstream fix is available here: [2]. ClamAV 0.98.5 contains the above fix. Additional references: [1] https://bugzilla.clamav.net/show_bug.cgi?id=11155 [2] https://github.com/vrtadmin/clamav-devel/commit/fc3794a54d2affe5770c1f876484a871c783e91e Can a CVE be assigned to this, please ? Thanks, -- Damien Millescamps | Oppida
Current thread:
- CVE request: heap buffer overflow in ClamAV Damien Millescamps (Nov 21)
- Re: CVE request: heap buffer overflow in ClamAV cve-assign (Nov 21)