ClamAV 'chmunpack.c'非法内存访问远程拒绝服务漏洞

BUGTRAQ ID: 30994 CVE ID：CVE-2008-1389 CNCVE ID：CNCVE-20081389 ClamAV是一款反病毒应用程序。 ClamAV处理畸形CHM文件存在非法内存访问错误，远程攻击者可以利用漏洞对服务程序进行拒绝服务攻击。 问题存在于'chmunpack.c'中，畸形的CHM文件，诱使ClamAV处理可触发此漏洞。 ifenslave ifenslave 0.88 Clam Anti-Virus ClamAV 0.93.1 Clam Anti-Virus ClamAV 0.92.1 Clam Anti-Virus ClamAV 0.91.2 Cl...

ClamAV < 0.94 Invalid Memory Access DoS Vulnerability

ClamAV is prone to a denial of service DoS vulnerability. SPDX-FileCopyrightText: 2008 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:clamav:clamav";...

CVE-2008-1389

CVE-2008-1389 affects ClamAV’s CHM parser (libclamav/chmunpack.c). A malformed CHM file can trigger an invalid memory access, leading to an application crash (denial of service) in ClamAV before version 0.94. Connected advisory data confirm that this vulnerability was addressed by the vendor with...

CVE-2007-1745

CVE-2007-1745 affects ClamAV prior to 0.90.2, where the function chm_decompress_stream in libclamav/chmunpack.c leaks file descriptors when processing a crafted CHM file. The description from the initial document states the impact is unknown and does not specify a concrete exploit path or affecte...

GLSA-200610-10 : ClamAV: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-200610-10 ClamAV: Multiple Vulnerabilities Damian Put and an anonymous researcher reported a potential heap-based buffer overflow vulnerability in rebuildpe.c responsible for the rebuilding of an unpacked PE file, and a possible...