Red Hat Bugzilla – Bug 432623
Further ClamAV libclamav PE File Integer Overflow Vulnerability
Last modified: 2008-02-14 11:40:30 EST
Description of problem:
Remote exploitation of an integer overflow vulnerability in Clam AntiVirus'
ClamAV, as included in various vendors' operating system distributions, allows
attackers to execute arbitrary code with the privileges of the affected
The vulnerability exists within the code responsible for parsing and scanning
PE files. While iterating through all sections contained in the PE file,
several attacker controlled values are extracted from the file. On each
iteration, arithmetic operations are performed without taking into
consideration 32-bit integer wrap.
Since insufficient integer overflow checks are present, an attacker can cause
a heap overflow by causing a specially crafted Petite packed PE binary to be
scanned. This results in an exploitable memory corruption condition.
Version-Release number of selected component (if applicable):
Immediate upgrade to 0.92.1
This is CVE-2008-0318.
38334 (clamav): Build on target fedora-5-epel succeeded.
38335 (clamav): Build on target fedora-4-epel succeeded.