6.8 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.013 Low
EPSS
Percentile
84.2%
A flaw has been found in the UPX decoder with crafted files. During
unpacking there are two range checks which are implemented "manually".
Those checks lack the detection of overflows which are considered by the
CLI_ISCONTAINED() macro.
Y0da cryptor / protector is a PE file encryptor - the executable file is
decrypted on start up. Clamav is able to decrypt such files in order to
scan them. As part of the decryptor there is an op code emulator. A
special crafted file may contain a jump op code to a position that
already has been interpreted - which leads to an endless loop. This
leads to an endless loop in clamav itself.
Petite is a tool for compressing PE files on windows. Clamav is a virus
scanning tool which is able to unpack such files during scanning. Once
the file has been identified as "petite" compressed before the
decompressing process is started it is possible that a specially crafted
file tells clamav to read more data than it allocated memory. On glibc
it leads to SIGABRT on free() since glibc’s malloc() recognizes this.
An upstream patch for possible heap overflow in Henry Spencer’s regex
library has been applied. The flaw is within an integer overflow in the
regcomp implementation in the Henry Spencer regex library on 32-bit
platforms, might allow context-dependent attackers to execute arbitrary
code via a large regular expression that leads to a heap-based buffer
overflow.
A flaw has been discovered that is leading to an infinite loop condition
on a crafted "xz" archive file.