Bug 595318 (CVE-2010-1639)

Summary: CVE-2010-1639 Clam AntiVirus: Heap-based overflow, when processing malicious PDF file(s)
Product: [Other] Security Response
Reporter: Jan Lieskovsky <jlieskov>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NEXTRELEASE
Severity: medium
Priority: medium
Version: unspecified
CC: christoph.wickert, nb, rh-bugzilla, vdanen
Keywords: Security
Hardware: All
OS: Linux
URL: https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2016
Doc Type: Bug Fix
Last Closed: 2011-04-07 22:02:37 UTC
Bug Depends On: 595321, 667203

Description Jan Lieskovsky 2010-05-24 11:26:12 UTC
BBabba found a heap-based overflow flaw, in the way Clam AntiVirus's
command line anti-virus scanner performed scanning of Portable Document
Format (PDF) files. If a local user was tricked into scanning a
specially-crafted PDF file, it could lead to clamscan executable
crash, or, potentially, arbitrary code execution with the privileges
of the user running the clamscan tool.

Upstream bug report:
  [1] https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2016

Upstream changeset:
  [2] http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=f0eb394501ec21b9fe67f36cbf5db788711d4236

CVE Request:
  [3] http://www.openwall.com/lists/oss-security/2010/05/21/5

Comment 1 Jan Lieskovsky 2010-05-24 11:30:52 UTC
This issue affects the current versions of the clamav package, as shipped
with Fedora releases of 11 and 12.

This issue affects the current versions of the clamav package, as shipped
within EPEL-4 and EPEL-5 repositories.

Please fix.

Comment 3 Vincent Danen 2010-05-25 21:24:06 UTC
This has been assigned CVE-2010-1639.

Comment 4 Christoph Wickert 2010-12-29 17:37:27 UTC
Why is this still in state ON_QA if the blocking bug was closed on August 18, 2010?

Comment 5 Vincent Danen 2011-01-04 17:33:58 UTC
Most likely due to EPEL4 and 5 still providing clamav-0.95.1 which does not have this fix.  The blocking bug probably shouldn't have been closed until EPEL was updated.

Comment 6 Christoph Wickert 2011-01-04 17:43:35 UTC
I suggest to make individual bugs for all affected releases and let this bug block all of them to avoid confusion.

Comment 7 Vincent Danen 2011-01-04 18:45:58 UTC
We used to do that, and folks were (understandably) annoyed at the volume of bugs, so now we use one when it affects everything and get more granular if an issue affects one release and not another.  It should have probably been clearer that EPEL was affected, although comment #1 did indicate that.

Comment 8 Vincent Danen 2011-01-04 19:37:28 UTC
Created clamav tracking bugs for this issue

Affects: epel-all [bug 667203]

Comment 9 Nick Bebout 2011-04-07 22:02:37 UTC
They should be pushed to stable, or will be soon.  Please reopen if bug still exists.