Clam Anti-Virus PE Rebuilding Heap Buffer Overflow Vulnerability

ClamAV is prone to a heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it to an insufficiently sized memory buffer.

Exploiting this issue could allow attacker-supplied machine code to execute in the context of the affected application. The issue would occur when the malformed file is scanned manually or automatically in deployments such as email gateways.

ClamAV version 0.88.4 is vulnerable to this issue.


Privacy Statement
Copyright 2010, SecurityFocus