Date: Fri, 21 Nov 2014 11:04:10 +0000 From: Damien Millescamps <Damien.Millescamps@...ida.fr> To: "'oss-security@...ts.openwall.com'" <oss-security@...ts.openwall.com> Subject: CVE request: heap buffer overflow in ClamAV Hi, A heap buffer overflow was reported in  in ClamAV when scanning a specially crafted y0da Crypter obfuscated PE file. Note that this is remotely exploitable when ClamAV is used as a mail gateway scanner. Upstream fix is available here: . ClamAV 0.98.5 contains the above fix. Additional references:  https://bugzilla.clamav.net/show_bug.cgi?id=11155  https://github.com/vrtadmin/clamav-devel/commit/fc3794a54d2affe5770c1f876484a871c783e91e Can a CVE be assigned to this, please ? Thanks, -- Damien Millescamps | Oppida
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.