• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

ClamAV 'libclamav/pe.c' UPACK File Heap Based Buffer Overflow Vulnerability

ClamAV is prone to a heap-based buffer-overflow vulnerability because it fails to properly verify user-supplied data.

Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the vulnerable 'libclamav' library. Failed exploit attempts will likely cause denial-of-service conditions.

ClamAV 0.92 and 0.92.1 are vulnerable to this issue; other versions may also be affected.