FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

clamav -- multiple vulnerabilities

Affected packages
clamav < 0.97.5
clamav-devel < 20120612

Details

VuXML ID eb12ebee-b7af-11e1-b5e0-000c299b62e1
Discovery 2012-03-19
Entry 2012-06-16

MITRE Advisories report:

The TAR parser allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence.

The TAR parser allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size.

The Microsoft CHM file parser allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file.

The TAR file parser allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry.
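A consistency check for the two TAR length-field conditions described above, as an added example that is not part of the advisory or of ClamAV's code. The names `audit_tar` and `build_sample` are hypothetical, the archive is constructed test input, and only uncompressed archives with octal size fields are handled.

```python
import io
import tarfile

BLOCK = 512  # tar headers and payload padding are 512-byte blocks

def _octal(field: bytes) -> int:
    """NUL/space-padded octal field; -1 if unparsable (GNU base-256 not handled)."""
    try:
        return int(field.strip(b"\0 ") or b"0", 8)
    except ValueError:
        return -1

def audit_tar(data: bytes) -> list:
    """Walk an uncompressed tar; report size fields inconsistent with the file."""
    findings, off = [], 0
    while off + BLOCK <= len(data):
        hdr = data[off:off + BLOCK]
        if hdr == bytes(BLOCK):        # zero block: end-of-archive marker
            break
        chk = sum(hdr[:148]) + 8 * 0x20 + sum(hdr[156:])  # chksum field counts as spaces
        if _octal(hdr[148:156]) != chk:  # an earlier size field led off a header boundary
            findings.append(f"offset {off}: block is not a valid header")
            break
        name = hdr[:100].split(b"\0", 1)[0].decode("utf-8", "replace")
        size = _octal(hdr[124:136])
        if size < 0 or off + BLOCK + size > len(data):
            findings.append(f"{name}: size field does not fit the archive")
            break
        off += BLOCK + (size + BLOCK - 1) // BLOCK * BLOCK  # skip padded payload
    return findings

def build_sample(first_size=None) -> bytes:
    """Constructed two-member archive; first_size overrides a.txt's declared size."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        for name, body in (("a.txt", b"A" * 700), ("b.txt", b"B" * 10)):
            info = tarfile.TarInfo(name)
            info.size = len(body)
            tf.addfile(info, io.BytesIO(body))
    hdr = bytearray(buf.getvalue()[:BLOCK])
    if first_size is not None:         # rewrite size, then recompute the checksum
        hdr[124:136] = b"%011o\0" % first_size
        hdr[148:156] = b" " * 8
        hdr[148:156] = b"%06o\0 " % sum(hdr)
    return bytes(hdr) + buf.getvalue()[BLOCK:]

if __name__ == "__main__":
    for declared in (None, 10**9, 1124):
        print(declared, audit_tar(build_sample(declared)))
```

A scanner front end can treat any finding as a reason to flag or quarantine the archive rather than trusting the member list its own parser produced.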

References

CVE Name CVE-2012-1419
CVE Name CVE-2012-1457
CVE Name CVE-2012-1458
CVE Name CVE-2012-1459