clamav -- heap overflow vulnerability

2006-08-07T00:00:00
ID 342D2E48-26DB-11DB-9275-000475ABC56F
Type freebsd
Reporter FreeBSD
Modified 2006-08-07T00:00:00

Description

The ClamAV team reports:

A heap overflow vulnerability was discovered in libclamav which could cause a denial of service or allow the execution of arbitrary code. The problem is specifically located in the PE file rebuild function used by the UPX unpacker. Relevant code from libclamav/upx.c:

    memcpy(dst, newbuf, foffset);
    *dsize = foffset;
    free(newbuf);

    cli_dbgmsg("UPX: PE structure rebuilt from compressed file\n");
    return 1;

Due to improper validation it is possible to overflow the above memcpy() beyond the allocated memory block.
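The missing validation can be shown as a length check against the destination's capacity before the copy. This is an added example, not libclamav code and not the project's actual patch; the names `finish_rebuild` and `demo`, and the convention that `*dsize` holds the capacity of `dst` on entry, are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not libclamav code): last step of a PE rebuild.
 *   dst     - caller's output buffer
 *   dsize   - in: capacity of dst in bytes (assumed); out: bytes written
 *   newbuf  - heap buffer holding the rebuilt image; always freed here
 *   foffset - length of the rebuilt image, computed from the scanned
 *             (untrusted) file
 * Returns 1 on success, 0 if the arguments are invalid or the image
 * does not fit in dst. */
static int finish_rebuild(char *dst, uint32_t *dsize, char *newbuf, uint32_t foffset)
{
    if (dst == NULL || dsize == NULL || newbuf == NULL) {
        free(newbuf);               /* free(NULL) is a no-op */
        return 0;
    }
    /* The check the quoted snippet lacks: refuse to copy more bytes
     * than the destination block can hold. */
    if (foffset > *dsize) {
        free(newbuf);
        return 0;
    }
    memcpy(dst, newbuf, foffset);
    *dsize = foffset;
    free(newbuf);
    return 1;
}

/* Constructed driver: allocates a dst of `cap` bytes and a rebuilt image
 * of `image_len` bytes, then runs the helper. Returns the helper's result,
 * or -1 on allocation failure or an inconsistent *dsize. */
static int demo(uint32_t cap, uint32_t image_len)
{
    char *dst = malloc(cap ? cap : 1);
    char *newbuf = calloc(image_len ? image_len : 1, 1);
    uint32_t dsize = cap;
    int ok;

    if (dst == NULL || newbuf == NULL) { free(dst); free(newbuf); return -1; }
    ok = finish_rebuild(dst, &dsize, newbuf, image_len);
    /* On success *dsize is the image length; on rejection it is untouched. */
    if (ok ? dsize != image_len : dsize != cap) ok = -1;
    free(dst);
    return ok;
}

int main(void) { return (demo(64, 32) == 1 && demo(64, 65) == 0) ? 0 : 1; }
```
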