Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [day] [month] [year] [list] 
Message-ID: <20150503162259.GA2068@breakpoint.cc>
Date: Sun, 3 May 2015 18:22:59 +0200
From: Sebastian Andrzej Siewior <cve-announce@...breakpoint.cc>
To: oss-security@...ts.openwall.com
Subject: CVE-2015-2170: clamav: crash on crafted upx packed file

UPX [0] is a executable file compressor which is able to compress various
executable formats including PE and ELF files. Clamav [1] is a virus scanning
tool which is able to unpack such files during scanning.

During unpacking there are two range checks which are implemented "manually".
Those checks lack the detection of overflows which are considered by the
CLI_ISCONTAINED() macro. This has been fixed [2] and is part of the 0.98.7
release.
This bug has been discovered by AFL [3], american fuzzy lop.

[0] http://upx.sourceforge.net/
[1] http://www.clamav.net/
[2] https://github.com/vrtadmin/clamav-devel/commit/625f5a9b8f008b8714850e4aa064dee1de06e534
[3] http://lcamtuf.coredump.cx/afl/

Sebastian

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.