Home page logo
/

oss-sec logo oss-sec mailing list archives

CVE request: ClamAV vulnerabilities
From: Sergey Popov <pinkbyte () gentoo org>
Date: Fri, 29 Nov 2013 13:20:42 +0400

It's a bit late, but i would like to request CVE for two
vulnerabilities, that present in ClamAV before 0.97.7[1]:

1) A double-free error exists within the "unrar_extract_next_prepare()"
function (libclamunrar_iface/unrar_iface.c) when parsing a RAR file.

2) An unspecified error within the "wwunpack()" function
(libclamav/wwunpack.c) when unpacking a WWPack file can be exploited to
corrupt heap memory.

[1] - https://secunia.com/advisories/52647/

-- 
Best regards, Sergey Popov
Gentoo developer
Gentoo Desktop Effects project lead
Gentoo Qt project lead
Gentoo Proxy maintainers project lead

Attachment: signature.asc
Description: OpenPGP digital signature


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault