oss-sec mailing list archives
Re: CVE Request: off by one DoS in pe_icons.c
From: Josh Bressers <bressers () redhat com>
Date: Tue, 25 May 2010 15:11:10 -0400 (EDT)
Please use CVE-2010-1640 for this.
Thanks.
--
JB
----- "Jamie Strandboge" <jamie () canonical com> wrote:
Though the bug report and patch have very little details, our clamav maintainer confirmed with upstream that the following commit fixes a DoS via off by one error. It only affects 0.96 (code not present in earlier versions). A quick look at the code and patch suggests an out of bounds access on the dynamically allocated *imagedata array. https://wwws.clamav.net/bugzilla/show_bug.cgi?id=2031 http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=7f0e3bbf77382d9782e0189bf80f5f59a95779b3 -- Jamie Strandboge | http://www.canonical.com
Current thread:
- CVE Request: off by one DoS in pe_icons.c Jamie Strandboge (May 21)
- Re: CVE Request: off by one DoS in pe_icons.c Josh Bressers (May 25)
- Re: CVE Request: off by one DoS in pe_icons.c Steven M. Christey (May 25)
- Re: CVE Request: off by one DoS in pe_icons.c Josh Bressers (May 25)