The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. Reference: https://github.com/hackerlib/hackerlib-vul/tree/master/clamav-vul Upstream bug: https://bugzilla.clamav.net/show_bug.cgi?id=11873
Created clamav tracking bugs for this issue: Affects: epel-all [bug 1472777] Affects: fedora-all [bug 1472778]
Adam Mariš , can I sergio have permission to look at https://bugzilla.clamav.net/show_bug.cgi?id=11873 ? Thanks
(In reply to Sergio Monteiro Basto from comment #2) > Adam Mariš , can I sergio have permission to look at > https://bugzilla.clamav.net/show_bug.cgi?id=11873 ? > > Thanks Sorry, I can't help you with that. Neither do I have access there.
Created libmspack tracking bugs for this issue: Affects: fedora-all [bug 1483999]
Created libmspack tracking bugs for this issue: Affects: epel-all [bug 1484000]
Adam, rhel7 tracking bug is still missing?
clamav source , clean and not clean does not contain any cabd_read_string function neither libclamav/libmspack.c only libclamav/mspack.c [2], i.e those function only available on version 0.99.3 [3] anyway maybe also applicable to libmspack itself [1] [1] https://apps.fedoraproject.org/packages/libmspack [2] https://github.com/vrtadmin/clamav-devel/blob/0.99.2/libclamav/mspack.c [3] https://github.com/vrtadmin/clamav-devel/tree/0.99.3/libclamav