[Secure-testing-team] New clamav vulnerabilities
micah
micah at debian.org
Fri Nov 4 03:35:44 UTC 2005
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Steven,
Please assign CVEs for the following public vulnerabilities in clamav:
REFERENCE: IDEF1169
URL: http://www.blacksheepnetworks.com/security/security/fulldisc/1169.html
A possible denial of service has been found in the libclamav/tnef.c code
of clamav.
REFERENCE: IDEF1180
URL: http://www.blacksheepnetworks.com/security/security/fulldisc/1180.html
A possible denial of service has been found in the
libclamav/mspack/cabd.c of clamav.
REFERENCE: ZDI-CAN-004
URL:
http://cvs.sourceforge.net/viewcvs.py/clamav/clamav-devel/libclamav/fsg.c?rev=1.8&view=markup
The buffer size calculation code in clamav could be by-passed due to a
vulnerability in libclamav/fsg.c.
Thanks,
Micah
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFDatcQ9n4qXRzy1ioRAueOAKCGF7R8/Rs4LSg5Cc32aPfWuc/0ewCgsVm3
HHkkVTzbRzP9ua2jv+gyTR8=
=umHD
-----END PGP SIGNATURE-----
More information about the Secure-testing-team
mailing list