Date: Sun, 3 May 2015 18:24:34 +0200
From: Sebastian Andrzej Siewior <>
Subject: CVE request - clamav - crashes on crafted upack packed file

WinUPack / UPack [0] is a tool for compressing PE files. ClamAV [1] is a virus
scanning tool which is able to unpack such files during scanning.

There are two issues:
- There is a wrongly implemented range check. The size (of the memory) has
  been fed as (j * 4) into the macro. With this written as-is, the compiler
  treats it as a "32 bit" operation and feeds the result into the macro. That
  means the "64 bit" cast (to catch 32bit overflows) cannot be performed
  anymore. The result is a segfault. This has been fixed [2].

- A missing range check while invoking cli_rebuildpe(). A crafted file may
  lead to reading more data from the file than memory has been allocated,
  leading to a crash. This has been fixed [3].

The two fixes are part of the 0.98.7 release.
Both bugs have been discovered by AFL [4], american fuzzy lop.
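
The first issue, shown as an added example that is not part of the original message and is not ClamAV's code: a range-check macro that widens its arguments to 64 bits cannot help when the caller passes `j * 4`, because the product has already wrapped at 32 bits. The macro name `RANGE_OK`, the helper functions and the sample values are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical range check: does [off, off + size) fit in buf_size bytes?
 * Each argument is widened to 64 bits so that off + size cannot wrap. */
#define RANGE_OK(buf_size, off, size) \
    ((uint64_t)(off) + (uint64_t)(size) <= (uint64_t)(buf_size))

/* Flawed call site: the macro expands to (uint64_t)(j * 4). The product is
 * computed in 32-bit unsigned arithmetic and wraps before the cast sees it. */
static int check_flawed(uint32_t buf_size, uint32_t off, uint32_t j)
{
    return RANGE_OK(buf_size, off, j * 4);
}

/* Corrected call site: widen j first, so the multiplication itself is
 * carried out in 64 bits and the true size reaches the comparison. */
static int check_fixed(uint32_t buf_size, uint32_t off, uint32_t j)
{
    return RANGE_OK(buf_size, off, (uint64_t)j * 4);
}

int main(void)
{
    /* Constructed values: j * 4 is 0x100000010, which wraps to 16. */
    uint32_t buf_size = 4096, off = 0, j = 0x40000004u;

    printf("flawed check accepts: %d\n", check_flawed(buf_size, off, j));
    printf("fixed check accepts:  %d\n", check_fixed(buf_size, off, j));
    return 0;
}
```

With the constructed input the flawed check accepts a size of 16 bytes while a loop over `j` elements would touch about 4 GiB, which matches the segfault described above.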


