A heap overflow vulnerability was discovered in libclamav
which could cause a denial of service or allow the
execution of arbitrary code.
The problem is specifically located in the PE file rebuild
function used by the UPX unpacker.
Relevant code from libclamav/upx.c:
memcpy(dst, newbuf, foffset);
*dsize = foffset;
free(newbuf);
cli_dbgmsg("UPX: PE structure rebuilt from compressed file\n");
return 1;
Due to improper validation it is possible to overflow the above
memcpy() beyond the allocated memory block.