FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

clamav -- heap overflow vulnerability

Affected packages
0.88.1 <= clamav < 0.88.4
clamav-devel < 20060808

Details

VuXML ID 342d2e48-26db-11db-9275-000475abc56f
Discovery 2006-08-07
Entry 2006-08-08

The ClamAV team reports:

A heap overflow vulnerability was discovered in libclamav which could cause a denial of service or allow the execution of arbitrary code.

The problem is specifically located in the PE file rebuild function used by the UPX unpacker.

Relevant code from libclamav/upx.c:

    memcpy(dst, newbuf, foffset);
    *dsize = foffset;
    free(newbuf);

    cli_dbgmsg("UPX: PE structure rebuilt from compressed file\n");
    return 1;

Due to improper validation it is possible to overflow the above memcpy() beyond the allocated memory block.
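An added example, not part of the ClamAV report or the libclamav source: the kind of length check the quoted memcpy() lacks, written in C. The names copy_rebuilt_pe and demo are hypothetical, the assumption is that *dsize holds the size allocated for dst on entry, and this is not presented as the fix shipped in 0.88.4.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper, not libclamav code. Copies a rebuilt PE image of
 * foffset bytes from newbuf into dst and frees newbuf, as the quoted
 * snippet does. Assumption: on entry *dsize is the size allocated for dst.
 * Returns 1 on success, 0 if the image is rejected. */
int copy_rebuilt_pe(char *dst, uint32_t *dsize, char *newbuf, uint32_t foffset)
{
    /* foffset is derived while rebuilding an untrusted file, so it has to
     * be compared with the destination capacity before the copy. */
    if (dst == NULL || dsize == NULL || newbuf == NULL || foffset > *dsize) {
        free(newbuf);
        return 0;
    }
    memcpy(dst, newbuf, foffset);
    *dsize = foffset;
    free(newbuf);
    return 1;
}

/* Constructed check: a capacity-byte destination and a len-byte image.
 * Returns the helper's result, or a negative value on harness failure. */
int demo(uint32_t capacity, uint32_t len)
{
    char *dst = malloc(capacity ? capacity : 1);
    char *newbuf = malloc(len ? len : 1);
    uint32_t dsize = capacity;
    int rc;
    if (dst == NULL || newbuf == NULL) {
        free(dst);
        free(newbuf);
        return -1;
    }
    memset(newbuf, 'A', len);
    rc = copy_rebuilt_pe(dst, &dsize, newbuf, len);
    /* Success must report the new size; rejection must leave it alone. */
    if ((rc == 1 && dsize != len) || (rc == 0 && dsize != capacity))
        rc = -2;
    free(dst);
    return rc;
}
int main(void)
{
    printf("fits: %d, oversized: %d\n", demo(64, 32), demo(64, 4096));
    return 0;
}
```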

References

CVE Name CVE-2006-4018
URL http://www.clamav.net/security/0.88.4.html