Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 17 Feb 2015 21:52:32 +0100
From: Sebastian Andrzej Siewior <>
Subject: CVE-2014-9328: clamav: special crafted upack files may lead to

upack is a tool for compressing .exe (.dll and such) files under
windows. clamav [0] is a virus scanning tool which is able to unpack
such files during scanning.

A handcrafted file could lead the de-compressor to access beyond bounds
leading to crash. This has been fixed via [1] and is part of the current
(0.96.6) release.

This bug has been discovered by AFL [2], american fuzzy lop.



Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ