FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

clamav -- arbitrary code execution and DoS vulnerabilities

Affected packages
clamav < 0.87
clamav-devel < 20050917

Details

VuXML ID 271498a9-2cd4-11da-a263-0001020eed82
Discovery 2005-09-16
Entry 2005-09-24
Modified 2005-10-22

A Gentoo Linux Security Advisory reports:

Clam AntiVirus is vulnerable to a buffer overflow in "libclamav/upx.c" when processing malformed UPX-packed executables. It can also be sent into an infinite loop in "libclamav/fsg.c" when processing specially crafted FSG-packed executables.

By sending a specially crafted file, an attacker could execute arbitrary code with the permissions of the user running Clam AntiVirus, or cause a Denial of Service.

References

CERT/CC Vulnerability Note 363713
CVE Name CVE-2005-2919
CVE Name CVE-2005-2920
URL http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml