Date: Tue, 17 Feb 2015 21:52:37 +0100 From: Sebastian Andrzej Siewior <cve-announce@...breakpoint.cc> To: oss-security@...ts.openwall.com Cc: lcamtuf@...edump.cx Subject: CVE-2015-1463: clamav: special crafted petite can lead to a crash I haven't requested this CVE but it looks to what I / AFL have discovered. petite  is too for compressing .exe (.dll and such) files under windows. clamav  is a virus scanning tool which is able to unpack such files during scanning. A handcrafted file could lead the de-compressor to access beyond bounds leading to crash because the compiler might have removed the boundary check. The boundary remains there up to the gcc 4.7 series. Starting with gcc 4.8 the compiler removes the check because it assumes that a signed overflow can not become negative. According to the gcc folks this assumption is within the C specification. As a fix  one of the variables becomes unsigned and is part of the current (0.96.6) release. This bug has been discovered by AFL , american fuzzy lop.  http://www.un4seen.com/petite/  http://www.clamav.net/  https://github.com/vrtadmin/clamav-devel/commit/96ff19a19eba64bdf47f2f12ecdbc5ee331c09e2  http://lcamtuf.coredump.cx/afl/ Sebastian
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ