clamav: multiple issues

2015-05-03T00:00:00
ID ASA-201505-2
Type archlinux
Reporter Arch Linux
Modified 2015-05-03T00:00:00

Description

  • CVE-2015-2170 (denial of service)

A flaw has been found in the UPX decoder with crafted files. During unpacking there are two range checks which are implemented "manually". Those checks lack the detection of overflows which are considered by the CLI_ISCONTAINED() macro.

  • CVE-2015-2221 (denial of service)

Y0da cryptor / protector is a PE file encryptor - the executable file is decrypted on start up. Clamav is able to decrypt such files in order to scan them. As part of the decryptor there is an op code emulator. A special crafted file may contain a jump op code to a position that already has been interpreted - which leads to an endless loop. This leads to an endless loop in clamav itself.

  • CVE-2015-2222 (denial of service)

Petite is a tool for compressing PE files on windows. Clamav is a virus scanning tool which is able to unpack such files during scanning. Once the file has been identified as "petite" compressed before the decompressing process is started it is possible that a specially crafted file tells clamav to read more data than it allocated memory. On glibc it leads to SIGABRT on free() since glibc's malloc() recognizes this.

  • CVE-2015-2305 (arbitrary code execution)

An upstream patch for possible heap overflow in Henry Spencer's regex library has been applied. The flaw is within an integer overflow in the regcomp implementation in the Henry Spencer regex library on 32-bit platforms, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.

  • CVE-2015-2668 (denial of service)

A flaw has been discovered that is leading to an infinite loop condition on a crafted "xz" archive file.