Date: Tue, 17 Feb 2015 21:52:32 +0100 From: Sebastian Andrzej Siewior <cve-announce@...breakpoint.cc> To: oss-security@...ts.openwall.com Cc: lcamtuf@...edump.cx Subject: CVE-2014-9328: clamav: special crafted upack files may lead to segfault upack is a tool for compressing .exe (.dll and such) files under windows. clamav  is a virus scanning tool which is able to unpack such files during scanning. A handcrafted file could lead the de-compressor to access beyond bounds leading to crash. This has been fixed via  and is part of the current (0.96.6) release. This bug has been discovered by AFL , american fuzzy lop.  http://www.clamav.net/  https://github.com/vrtadmin/clamav-devel/commit/5e1fbf3668bd167828d675830103b3c1ccdcb76d  http://lcamtuf.coredump.cx/afl/ Sebastian
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ