FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

clamav -- Multiple Vulnerabilities

Affected packages
clamav < 0.93
clamav-devel < 20080415


VuXML ID 589d8053-0b03-11dd-b4ef-00e07dc4ec84
Discovery 2008-04-15
Entry 2008-04-15

Secunia reports:

Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

1) A boundary error exists within the "cli_scanpe()" function in libclamav/pe.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted "Upack" executable.

Successful exploitation allows execution of arbitrary code.

2) A boundary error within the processing of PeSpin packed executables in libclamav/spin.c can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

3) An unspecified error in the processing of ARJ files can be exploited to hang ClamAV.


CVE Name CVE-2008-1100
CVE Name CVE-2008-1387