Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Date: Sat, 27 Apr 2013 15:49:09 -0700
From: Felix Gröbert <>
Cc:, Henri Salo <>, 
	Jan Lieskovsky <>, "Steven M. Christey" <>,
Subject: Re: Multiple potential security issues fixed in ClamAV
 0.97.8 - any further details?


sorry for the delayed response, I'm OOO.

The bugs should be public now:
heap corruption, potentially exploitable.
overflow due to PDF key length computation. Potentially exploitable.
NULL pointer dereference in sis parsing.

When building clamav I recommend disabling legacy or unneeded features
(e.g. sis). I guess that's common sense though.


Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.