
[oss-security] CVE request: clamav < 0.96.3 pdf bounds checking

From: Hanno Böck <hanno_at_nospam>
Date: Wed Sep 22 2010 - 18:51:55 GMT
To: oss-security@lists.openwall.com

As always, clamav doesn't mention security issues in its release notes, but
the changelog gives some insight.

The bundled bzip2 code is affected by CVE-2010-0405 which is no surprise.

This however sounds more interesting:
Mon Sep 20 14:50:34 EEST 2010 (edwin)
-------------------------------------
 * libclamav/pdf.c: Add missing boundscheck to pdf code (bb #2226)

The referenced bug report is not public, but it sounds like this deserves a
CVE.

--
Hanno Böck
Blog: http://www.hboeck.de/
GPG: 3DBD3B20
Jabber/Mail: hanno@hboeck.de
http://schokokeks.org - professional webhosting