oss-sec mailing list archives
Re: CVE request: clamav < 0.96.3 pdf bounds checking
From: Josh Bressers <bressers () redhat com>
Date: Mon, 27 Sep 2010 15:47:47 -0400 (EDT)
Use CVE-2010-3434 If someone has more information, or an upstream contact it would be much appreciated. Thanks. -- JB ----- "Hanno Böck" <hanno () hboeck de> wrote:
As always, clamav doesn't mention security issues in it's release notes, but the changelog gives some insight. The bundled bzip2 code is affected by CVE-2010-0405 which is no surprise. This however sounds more interesting: Mon Sep 20 14:50:34 EEST 2010 (edwin) ------------------------------------- * libclamav/pdf.c: Add missing boundscheck to pdf code (bb #2226) The referenced bug report is not public, but it sounds like this deserves a CVE. -- Hanno Böck Blog: http://www.hboeck.de/ GPG: 3DBD3B20 Jabber/Mail: hanno () hboeck de http://schokokeks.org - professional webhosting
Current thread:
- CVE request: clamav < 0.96.3 pdf bounds checking Hanno Böck (Sep 22)
- Re: CVE request: clamav < 0.96.3 pdf bounds checking Josh Bressers (Sep 27)
- Re: CVE request: clamav < 0.96.3 pdf bounds checking Ludwig Nussel (Sep 28)
- Re: CVE request: clamav < 0.96.3 pdf bounds checking Ludwig Nussel (Sep 28)
- Re: CVE request: clamav < 0.96.3 pdf bounds checking Josh Bressers (Sep 27)