Bug 595318 (CVE-2010-1639) - CVE-2010-1639 Clam AntiVirus: Heap-based overflow, when processing malicious PDF file(s)
Keywords:
Status: CLOSED NEXTRELEASE
Alias: CVE-2010-1639
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL: https://wwws.clamav.net/bugzilla/show...
Whiteboard: public=20100510,reported=20100521,sou...
Depends On: 595321 667203
Blocks:
Reported: 2010-05-24 11:26 UTC by Jan Lieskovsky
Modified: 2019-06-08 13:00 UTC

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2011-04-07 22:02:37 UTC



Description Jan Lieskovsky 2010-05-24 11:26:12 UTC
BBabba found a heap-based overflow flaw in the way Clam AntiVirus's
command line anti-virus scanner performed scanning of Portable Document
Format (PDF) files. If a local user was tricked into scanning a
specially-crafted PDF file, it could lead to a clamscan executable
crash, or, potentially, arbitrary code execution with the privileges
of the user running the clamscan tool.

Upstream bug report:
  [1] https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2016

Upstream changeset:
  [2] http://git.clamav.net/gitweb?p=clamav-devel.git;a=commitdiff;h=f0eb394501ec21b9fe67f36cbf5db788711d4236

CVE Request:
  [3] http://www.openwall.com/lists/oss-security/2010/05/21/5

Comment 1 Jan Lieskovsky 2010-05-24 11:30:52 UTC
This issue affects the current versions of the clamav package, as shipped
with Fedora releases of 11 and 12.

This issue affects the current versions of the clamav package, as shipped
within EPEL-4 and EPEL-5 repositories.

Please fix.

Comment 3 Vincent Danen 2010-05-25 21:24:06 UTC
This has been assigned CVE-2010-1639.

Comment 4 Christoph Wickert 2010-12-29 17:37:27 UTC
Why is this still in state ON_QA if the blocking bug was closed on August 18, 2010?

Comment 5 Vincent Danen 2011-01-04 17:33:58 UTC
Most likely due to EPEL4 and 5 still providing clamav-0.95.1 which does not have this fix.  The blocking bug probably shouldn't have been closed until EPEL was updated.

Comment 6 Christoph Wickert 2011-01-04 17:43:35 UTC
I suggest making individual bugs for all affected releases and letting this bug block all of them to avoid confusion.

Comment 7 Vincent Danen 2011-01-04 18:45:58 UTC
We used to do that, and folks were (understandably) annoyed at the volume of bugs, so now we use one when it affects everything and get more granular if an issue affects one release and not another.  It should have probably been clearer that EPEL was affected, although comment #1 did indicate that.

Comment 8 Vincent Danen 2011-01-04 19:37:28 UTC
Created clamav tracking bugs for this issue

Affects: epel-all [bug 667203]

Comment 9 Nick Bebout 2011-04-07 22:02:37 UTC
They should be pushed to stable, or will be soon.  Please reopen if bug still exists.

