oss-sec mailing list archives
CVE-2015-2222: clamav: crash on crafted petite packed file
From: Sebastian Andrzej Siewior <cve-announce () ml breakpoint cc>
Date: Sun, 3 May 2015 18:24:18 +0200
Petite [0] is a tool for compressing PE files on windows. Clamav [1] is a virus scanning tool which is able to unpack such files during scanning. Once the file has been identified as "petite" compressed before the decompressing process is started it is possible that a specially crafted file tells clamav to read more data than it allocated memory. On glibc it leads to SIGABRT on free() since glibc's malloc() recognizes this. A fix to this bug is part of the 0.98.7 release. This is a different issue than the one reported in CVE-2015-1463. This bug has been discovered by AFL [3], american fuzzy lop. [0] http://www.un4seen.com/petite/ [1] http://www.clamav.net/ [2] https://github.com/vrtadmin/clamav-devel/commit/8aeedf3c4282bc916d6f6c290e1e530d125ec953 [3] http://lcamtuf.coredump.cx/afl/ Sebastian
Current thread:
- CVE-2015-2222: clamav: crash on crafted petite packed file Sebastian Andrzej Siewior (May 03)