Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Tue, 28 Sep 2010 11:17:56 +0200
From: Ludwig Nussel <ludwig.nussel@...e.de>
To: oss-security@...ts.openwall.com
Subject: Re: CVE request: clamav < 0.96.3 pdf bounds checking

Hanno Böck wrote:
> As always, clamav doesn't mention security issues in it's release notes, but 
> the changelog gives some insight.
> 
> The bundled bzip2 code is affected by CVE-2010-0405 which is no surprise.
> 
> This however sounds more interesting:
> Mon Sep 20 14:50:34 EEST 2010 (edwin)
> -------------------------------------
>  * libclamav/pdf.c: Add missing boundscheck to pdf code (bb #2226)
> 
> The referenced bug report is not public, but it sounds like this deserves a 
> CVE.

Must be this commit:
http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=dc5143b4669ae39c79c9af50d569c28c798f33da

If bytesleft2 is negative the next memchr would likely cause a
crash. Previous commits in that file also improve bounds checks.
cu
Ludwig

-- 
 (o_   Ludwig Nussel
 //\   
 V_/_  http://www.suse.de/
SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nuernberg)

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.