Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 3 May 2015 18:24:35 +0200
From: Sebastian Andrzej Siewior <cve-announce@...breakpoint.cc>
To: oss-security@...ts.openwall.com
Subject: CVE request - clamav - crash during algorithmic detection on crafted
 PE file

Clamav [0] is a virus scanning tool which is able to detect malware called
"W32.Polipos.A". During its detection it may crash due to an integer
underflow while examining its PE-sections.
This bug has been fixed [1] and is part of the 0.98.7 release.
This bug has been discovered by AFL [3], american fuzzy lop

[0] http://www.clamav.net/
[1] https://github.com/vrtadmin/clamav-devel/commit/a7bdfb4f0d3210eeab49280726ff3ea6d703280e
[2] http://lcamtuf.coredump.cx/afl/

Sebastian

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ