FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

clamav -- multiple vulnerabilities

Affected packages
clamav < 0.97.5
clamav-devel < 20120612

Details

VuXML ID eb12ebee-b7af-11e1-b5e0-000c299b62e1
Discovery 2012-03-19
Entry 2012-06-16

MITRE Advisories report:

The TAR parser allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence.

[source]

The TAR parser allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size.

[source]

The Microsoft CHM file parser allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file.

[source]

The TAR file parser allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header ofxi the next entry.

[source]

References

CVE Name CVE-2012-1419
CVE Name CVE-2012-1457
CVE Name CVE-2012-1458
CVE Name CVE-2012-1459

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.