BBabba found a heap-based overflow flaw, in the way Clam AntiVirus's command line anti-virus scanner performed scanning of Portable Document Format (PDF) files. If a local user was tricked into scanning a specially-crafted PDF file, it could lead to clamscan executable crash, or, potentially, arbitrary code execution with the privileges of the user running the clamscan tool.

Upstream bug report:
[1] https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2016

Upstream changeset:
[2] http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=f0eb394501ec21b9fe67f36cbf5db788711d4236

CVE Request:
[3] http://www.openwall.com/lists/oss-security/2010/05/21/5
This issue affects the current versions of the clamav package, as shipped with Fedora releases of 11 and 12. This issue affects the current versions of the clamav package, as shipped within EPEL-4 and EPEL-5 repositories. Please fix.
This has been assigned CVE-2010-1639.
Why is this still in state ON_QA if the blocking bug was closed on August 18, 2010?
Most likely due to EPEL4 and 5 still providing clamav-0.95.1 which does not have this fix. The blocking bug probably shouldn't have been closed until EPEL was updated.
I suggest making individual bugs for all affected releases and letting this bug block all of them to avoid confusion.
We used to do that, and folks were (understandably) annoyed at the volume of bugs, so now we use one when it affects everything and get more granular if an issue affects one release and not another. It should have probably been clearer that EPEL was affected, although comment #1 did indicate that.
Created clamav tracking bugs for this issue

Affects: epel-all [bug 667203]
They should be pushed to stable, or will be soon. Please reopen if bug still exists.