Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list]
Date: Sun, 3 May 2015 18:24:00 +0200
From: Sebastian Andrzej Siewior <>
Subject: CVE-2015-2221: clamav: infinite loop condition on crafted y0da
 cryptor file

Y0da cryptor / protector is a PE file encryptor - the executable file is
decrypted on start up. Clamav [0] is able to decrypt such files in order to
scan them. As part of the decryptor there is an op code emulator. A special
crafted file may contain a jump op code to a position that already has been
interpreted - which leads to an endless loop. This leads to an endless loop in
clamav itself.

This has been fixed by [1] and the loop limit has been increased in [2]. This
change is part of the 0.98.7 release.

This bug has been discovered by AFL [3], american fuzzy lop.



Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.