Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Date: Sun, 3 May 2015 18:24:18 +0200
From: Sebastian Andrzej Siewior <cve-announce@...breakpoint.cc>
To: oss-security@...ts.openwall.com
Subject: CVE-2015-2222: clamav: crash on crafted petite packed file

Petite [0] is a tool for compressing PE files on windows.
Clamav [1] is a virus scanning tool which is able to unpack
such files during scanning.

Once the file has been identified as "petite" compressed before the
decompressing process is started it is possible that a specially crafted
file tells clamav to read more data than it allocated memory. On glibc it
leads to SIGABRT on free() since glibc's malloc() recognizes this.
A fix to this bug is part of the 0.98.7 release.

This is a different issue than the one reported in CVE-2015-1463.
This bug has been discovered by AFL [3], american fuzzy lop.

[0] http://www.un4seen.com/petite/
[1] http://www.clamav.net/
[2] https://github.com/vrtadmin/clamav-devel/commit/8aeedf3c4282bc916d6f6c290e1e530d125ec953
[3] http://lcamtuf.coredump.cx/afl/

Sebastian

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.