Red Hat Bugzilla – Bug 210973
clamav < 0.88.5 CHM and PE vulnerabilities
Last modified: 2007-11-30 17:11:45 EST
(Apparently no CVE id available yet)
Two vulnerabilities have been reported in Clam AntiVirus, which potentially
can be exploited by malicious people to cause a DoS (Denial of Service) or
compromise a vulnerable system.
1) An unspecified error in the CHM unpacker in chmunpack.c can be exploited to
cause a DoS.
2) An unspecified error in rebuildpe.c when rebuilding PE files after
unpacking can be exploited to cause a heap-based buffer overflow.
FE seem affected.
Appears to be fixed in all branches.