Bug 580468 (CVE-2010-1311)

Summary: CVE-2010-1311 Clam AntiVirus (prior to v0.96): Memory corruption by scanning Quantum-compressed file(s)
Product: [Other] Security Response Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED ERRATA QA Contact:
Severity: medium Docs Contact:
Priority: medium    
Version: unspecifiedCC: hcatherine916, nancydawkins60, rh-bugzilla
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
URL: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-10-19 09:11:49 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 580676    
Bug Blocks:    

Description Jan Lieskovsky 2010-04-08 10:51:46 UTC 
Török Edwin reported:
  [1] https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771

a deficiency in the way Clam AntiVirus decompressed certain
Quantum-compressed files. An attacker could use this flaw
to cause a denial of service (clamscan crash) or, potentially
execute arbitrary code, with the privileges of the user
running clamscan.

Upstream bug report:
  [2] https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771

Upstream patch:
  [3] http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=224fee54dd6cd8933d7007331ec2bfca0398d4b4

References:
  [4] http://secunia.com/advisories/39329/

CVE Request:
  [5] http://www.openwall.com/lists/oss-security/2010/04/06/4
Comment 1 Jan Lieskovsky 2010-04-08 10:56:23 UTC 
This issue affects the versions of the clamav package,
as shipped with Fedora release of 11 and 12.

This issue affects the versions of the clamav package,
as present in EPEL-4 and EPEL-5 repositories.

Please fix.
Comment 2 Jan Lieskovsky 2010-04-08 18:38:09 UTC 
Common Vulnerabilities and Exposures assigned an identifier CVE-2010-1311 to
this vulnerability:

The qtm_decompress function in libclamav/mspack.c in ClamAV before
0.96 allows remote attackers to cause a denial of service (memory
corruption and application crash) via a crafted CAB archive that uses
the Quantum (aka .Q) compression format. NOTE: some of these details
are obtained from third party information.

References:
  [1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1311
  [2] http://git.clamav.net/gitweb?p=clamav-devel.git;a=blob_plain;f=ChangeLog;hb=clamav-0.96
  [3] https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1771
  [4] http://www.securityfocus.com/bid/39262
  [5] http://secunia.com/advisories/39329
Comment 6 Nancy 2024-03-06 11:56:27 UTC Comment hidden (spam)