diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 0e1082a15a14..d576b7f9a14a 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -32,6 +32,52 @@ EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. --> + + clamav -- multiple remote buffer overflows + + + clamav + 0.86.2 + + + clamav-devel + 20050704 + + + + +

An Secunia Advisory reports:

+
+

Neel Mehta and Alex Wheeler have reported some + vulnerabilities in Clam AntiVirus, which can be exploited + by malicious people to cause a DoS (Denial of Service) + or compromise a vulnerable system.

+
    +
  1. Two integer overflow errors in "libclamav/tnef.c" + when processing TNEF files can be exploited to cause + a heap-based buffer overflow via a specially crafted + TNEF file with a length value of -1 in the header.
    2. +
  2. An integer overflow error in "libclamav/chmunpack.c" + can be exploited to cause a heap-based buffer overflow + via a specially crafted CHM file with a chunk entry that + has a filename length of -1.
    3. +
  3. A boundary error in "libclamav/fsg.c" when + processing a FSG compressed file can cause a heap-based + buffer overflow.
    4. +
+
+ + + + http://www.rem0te.com/public/images/clamav.pdf + http://secunia.com/advisories/16180/ + + + 2005-07-24 + 2005-07-25 + + + isc-dhcpd -- format string vulnerabilities