[Pkg-clamav-devel] Etch backported security fixes
Florian Weimer
fw at deneb.enyo.de
Wed Dec 3 11:38:46 UTC 2008
* Michael Tautschnig:
> +--- a/libclamav/vba_extract.c 2008-11-11 01:25:27.000000000 +0100
> ++++ b/libclamav/vba_extract.c 2008-11-11 01:26:24.000000000 +0100
> +@@ -110,7 +110,7 @@
> + return NULL;
> + }
> +
> +- newname = (char *) cli_malloc(size*7);
> ++ newname = (char *) cli_malloc(size*7+1);
> + if (!newname) {
> + return NULL;
> + }
This does look like a potential integer overflow, but according to a
quick check, it's okay because all callers use something coming from a
16-bit unsigned value.
Has a CVE been assigned in the meantime?
More information about the Pkg-clamav-devel
mailing list