[Pkg-clamav-devel] Etch backported security fixes

Florian Weimer fw at deneb.enyo.de
Wed Dec 3 11:38:46 UTC 2008


* Michael Tautschnig:

> +--- a/libclamav/vba_extract.c	2008-11-11 01:25:27.000000000 +0100
> ++++ b/libclamav/vba_extract.c	2008-11-11 01:26:24.000000000 +0100
> +@@ -110,7 +110,7 @@
> +                 return NULL;
> +         }
> + 
> +-        newname = (char *) cli_malloc(size*7);
> ++        newname = (char *) cli_malloc(size*7+1);
> +         if (!newname) {
> +                 return NULL;
> +         }
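
Review bot: the size expression in `cli_malloc(size*7+1)` is computed with no overflow check visible in this hunk, so its safety depends entirely on every caller passing a small `size`. A bound check on `size` before the multiplication, or a comment stating the assumed maximum, would keep that invariant local to the function instead of spread across call sites. A short comment saying why 7 bytes per input unit plus one extra byte are needed would also help, since the hunk does not show the write that the extra byte accommodates.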

This does look like a potential integer overflow, but according to a
quick check, it's okay because all callers use something coming from a
16-bit unsigned value.

Has a CVE been assigned in the meantime?


