ClamAV 'libclamav/pe.c' MEW Packed PE File Integer Overflow Vulnerability

ClamAV is prone to an integer-overflow vulnerability because it fails to properly verify user-supplied data.

Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application.

ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus