FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

clamav -- CHM Processing Denial of Service

Affected packages
clamav < 0.94
clamav-devel < 20080902

Details

VuXML ID da5c4072-8082-11dd-9c8c-001c2514716c
Discovery 2008-07-09
Entry 2008-09-12

Hanno Boeck reports:

A fuzzing test showed weakness in the chm parser of clamav, which can possibly be exploited. The clamav team has disabled the chm module in older versions though freshclam updates and has released 0.94 with a fixed parser.

References

CVE Name CVE-2008-1389
URL https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089