oss-sec mailing list archives
CVE request: clamav get_unicode_name() off-by-one buffer overflow
From: Thomas Biege <thomas () suse de>
Date: Thu, 13 Nov 2008 10:06:17 +0100
Hello,
AFAIK no CVE-ID was assigned for the following issue yet.
-----------------------------------------------------------------
ClamAV get_unicode_name() off-by-one buffer overflow
Copyright (c) 2008 Moritz Jodeit <moritz () jodeit org> (2008/11/08)
-----------------------------------------------------------------
Application details:
From http://www.clamav.net/:
"Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX,
designed especially for e-mail scanning on mail gateways. It provides
a number of utilities including a flexible and scalable multi-threaded
daemon, a command line scanner and advanced tool for automatic
database updates. The core of the package is an anti-virus engine
available in a form of shared library."
Vulnerability description:
ClamAV contains an off-by-one heap overflow vulnerability in the
code responsible for parsing VBA project files. Successful
exploitation could allow an attacker to execute arbitrary code with
the privileges of the `clamd' process by sending an email with a
prepared attachment.
The vulnerability occurs inside the get_unicode_name() function
in libclamav/vba_extract.c when a specific `name' buffer is passed
to it.
...
--
Bye,
Thomas
--
Thomas Biege <thomas () suse de>, SUSE LINUX, Security Support & Auditing
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)
--
Hamming's Motto:
The purpose of computing is insight, not numbers.
-- Richard W. Hamming
Current thread:
- CVE request: clamav get_unicode_name() off-by-one buffer overflow Thomas Biege (Nov 13)
- Re: CVE request: clamav get_unicode_name() off-by-one buffer overflow Tomas Hoger (Nov 13)
- Re: CVE request: clamav get_unicode_name() off-by-one buffer overflow Steven M. Christey (Nov 20)
