clamav -- multiple remote buffer overflows

2005-07-24T00:00:00
ID 1DB7ECF5-FD24-11D9-B4D6-0007E900F87B
Type freebsd
Reporter FreeBSD
Modified 2005-07-24T00:00:00

Description

A Secunia Advisory reports:

Neel Mehta and Alex Wheeler have reported some vulnerabilities in Clam AntiVirus, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

Two integer overflow errors in "libclamav/tnef.c" when processing TNEF files can be exploited to cause a heap-based buffer overflow via a specially crafted TNEF file with a length value of -1 in the header. An integer overflow error in "libclamav/chmunpack.c" can be exploited to cause a heap-based buffer overflow via a specially crafted CHM file with a chunk entry that has a filename length of -1. A boundary error in "libclamav/fsg.c" when processing an FSG compressed file can cause a heap-based buffer overflow.
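
The defensive check for the "length value of -1" class of bug described above, as an added example that is not taken from ClamAV or from the advisory. The record layout (4-byte little-endian length followed by payload), the function names and the sample bytes are assumptions made for illustration; the advisory does not show the affected code, and `length + 1` is only one common way such a wrap arises.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layout (not the TNEF or CHM format):
 * 4-byte little-endian length, then that many payload bytes. */

/* Size an unchecked parser would request for payload plus terminator.
 * In 32-bit arithmetic a header length of 0xFFFFFFFF (-1) wraps to 0,
 * so the allocation is tiny while the copy length stays huge. */
uint32_t naive_alloc_size(uint32_t len) { return len + 1u; }

static uint32_t read_le32(const unsigned char *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Hardened read: copies the payload into out (capacity out_cap).
 * Returns the payload length, or -1 if the header is inconsistent. */
long read_record(const unsigned char *buf, size_t buf_len,
                 unsigned char *out, size_t out_cap) {
    if (buf_len < 4) return -1;               /* no room for the header */
    uint32_t len = read_le32(buf);            /* keep it unsigned */
    size_t remaining = buf_len - 4;
    /* Compare the untrusted length against what is really present and
     * against the destination size; do no arithmetic on len first. */
    if (len > remaining || len > out_cap) return -1;
    memcpy(out, buf + 4, len);
    return (long)len;
}

/* Constructed sample inputs. */
const unsigned char SAMPLE_OK[]  = {3, 0, 0, 0, 'a', 'b', 'c'};
const unsigned char SAMPLE_NEG[] = {0xFF, 0xFF, 0xFF, 0xFF, 'a', 'b', 'c'};

int main(void) {
    unsigned char out[16];
    printf("naive size for -1: %u\n", naive_alloc_size(0xFFFFFFFFu));
    printf("ok record:  %ld\n",
           read_record(SAMPLE_OK, sizeof SAMPLE_OK, out, sizeof out));
    printf("-1 record:  %ld\n",
           read_record(SAMPLE_NEG, sizeof SAMPLE_NEG, out, sizeof out));
    return 0;
}
```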