ClamAV 'mspack.c' Off-By-One Buffer Overflow Vulnerability

ClamAV is prone to a buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to insufficiently sized memory buffers.

Successful exploits of this vulnerability can allow remote attackers to execute arbitrary machine code in the context of applications using the 'libclamav' library. Failed exploits may crash the application.

ClamAV 0.91.2 is vulnerable to this issue; other versions may also be affected.


 

Privacy Statement
Copyright 2010, SecurityFocus