[Pkg-clamav-devel] Bug#523016: clamav vulnerability
Michael S. Gilbert
michael.s.gilbert at gmail.com
Tue Apr 7 21:40:35 UTC 2009
package: clamav
severity: grave
tags: security
hi,
ubuntu recently patched a problem in clamav [1]. the description is:
It was discovered that ClamAV did not properly verify its input when
processing TAR archives. A remote attacker could send a specially
crafted TAR file and cause a denial of service via infinite loop.
It was discovered that ClamAV did not properly validate Portable
Executable (PE) files. A remote attacker could send a crafted PE file
and cause a denial of service (divide by zero).
i'm not sure if this is CVE-2009-1241 or if it a new issue.
[1] http://www.ubuntu.com/usn/usn-754-1
More information about the Pkg-clamav-devel
mailing list