clamav -- heap overflow vulnerability

ID 342D2E48-26DB-11DB-9275-000475ABC56F
Type freebsd
Reporter FreeBSD
Modified 2006-08-07T00:00:00


The ClamAV team reports:

A heap overflow vulnerability was discovered in libclamav which could cause a denial of service or allow the execution of arbitrary code. The problem is specifically located in the PE file rebuild function used by the UPX unpacker. Relevant code from libclamav/upx.c:

    memcpy(dst, newbuf, foffset);
    *dsize = foffset;

    cli_dbgmsg("UPX: PE structure rebuilt from compressed file\n");
    return 1;

Due to improper validation it is possible to overflow the above memcpy() beyond the allocated memory block.
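
As an added illustration (not libclamav code and not the project's actual patch), here is the copy step with the missing length validation in place. The function name, the `newbuf_len` parameter and the assumption that `*dsize` holds the capacity of `dst` on entry are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical helper, not libclamav code. Assumption: on entry *dsize is
 * the number of bytes allocated for dst; on success it becomes the number
 * of bytes written, as in the quoted snippet. Returns 1 on success, -1 if
 * the copy is refused. */
int copy_rebuilt_pe(uint8_t *dst, uint32_t *dsize, const uint8_t *newbuf,
                    uint32_t newbuf_len, uint32_t foffset)
{
    if (dst == NULL || dsize == NULL || newbuf == NULL)
        return -1;
    if (foffset > newbuf_len)   /* would read past the rebuilt image */
        return -1;
    if (foffset > *dsize)       /* would write past the dst allocation */
        return -1;
    memcpy(dst, newbuf, foffset);
    *dsize = foffset;
    return 1;
}

/* Constructed case: 64-byte rebuilt image, 16-byte destination. */
int demo_oversized_rejected(void)
{
    uint8_t dst[16] = {0}, newbuf[64];
    uint32_t dsize = sizeof dst;
    memset(newbuf, 0x41, sizeof newbuf);
    int rc = copy_rebuilt_pe(dst, &dsize, newbuf, sizeof newbuf, 64);
    return rc == -1 && dsize == 16 && dst[0] == 0;
}

/* Constructed case: 8 bytes of the image fit in the 16-byte destination. */
int demo_fitting_copied(void)
{
    uint8_t dst[16] = {0}, newbuf[64];
    uint32_t dsize = sizeof dst;
    memset(newbuf, 0x41, sizeof newbuf);
    int rc = copy_rebuilt_pe(dst, &dsize, newbuf, sizeof newbuf, 8);
    return rc == 1 && dsize == 8 && dst[7] == 0x41 && dst[8] == 0;
}

int main(void)
{
    return (demo_oversized_rejected() && demo_fitting_copied()) ? 0 : 1;
}
```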