Bug 432624 - Further ClamAV libclamav PE File Integer Overflow Vulnerability
Further ClamAV libclamav PE File Integer Overflow Vulnerability
Status: CLOSED DUPLICATE of bug 432753
Product: Fedora
Classification: Fedora
Component: clamav (Show other bugs)
All Linux
low Severity urgent
: ---
: ---
Assigned To: Enrico Scholz
Fedora Extras Quality Assurance
: Security
Depends On:
  Show dependency treegraph
Reported: 2008-02-13 08:37 EST by Robert Scheck
Modified: 2008-02-14 00:27 EST (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-02-14 00:27:39 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Robert Scheck 2008-02-13 08:37:49 EST
Description of problem:
Remote exploitation of an integer overflow vulnerability in Clam AntiVirus' 
ClamAV, as included in various vendors' operating system distributions, allows 
attackers to execute arbitrary code with the privileges of the affected 

The vulnerability exists within the code responsible for parsing and scanning 
PE files. While iterating through all sections contained in the PE file, 
several attacker controlled values are extracted from the file. On each 
iteration, arithmetic operations are performed without taking into 
consideration 32-bit integer wrap. 

Since insufficient integer overflow checks are present, an attacker can cause
a heap overflow by causing a specially crafted Petite packed PE binary to be 
scanned. This results in an exploitable memory corruption condition.

Version-Release number of selected component (if applicable):

Expected results:
Immediate upgrade to 0.92.1
Comment 2 Felix Schwarz 2008-02-13 16:08:08 EST
This is CVE-2008-0318. Can you please add 'security' as a keyword?
Comment 3 Lubomir Kundrak 2008-02-14 00:27:39 EST
This is already fixed in Fedora.

*** This bug has been marked as a duplicate of 432753 ***

Note You need to log in before you can comment on or make changes to this bug.