Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:17455
HistoryJul 11, 2007 - 12:00 a.m.

[Full-disclosure] Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.

2007-07-1100:00:00
vulners.com
15
JSON

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Vendor

Clam Antivirus (http://www.clamav.net)

Product

Clamav (libclamav)

Versions Affected

All before 0.91

Severity

Moderate

Issue

Clamav crashes due to processing of standard filters in RAR VM, while processing a
corrupted RAR file. Processing the corrupted file results in a null pointer deference.

Impact

Processing the corrupted file will result in crashing of clamscan application and
clamd daemon.

Fix

Upgrade to version 0.91.

PoC

http://www.metaeye.org/codes/corrupted.rar

Vendor Status

Reported: 25/06/2007
Fixed: 11/07/2007

References

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555
http://www.metaeye.org/advisories/54

Metaeye SG // http://www.metaeye.org

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.7 (GNU/Linux)

iD8DBQFGlPN/gHlN5ncUR6wRAo1AAJ9dNI51Y4t5BRG3aqIUHPih8cJQ7ACfVrW1
21o5Oadk6A7OVGhdzJph2gk=
=YuBi
-----END PGP SIGNATURE-----

Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

JSON