|
|
| |
|
| |
clamav: multiple vulnerabilities
| Package(s): | clamav |
CVE #(s): | CVE-2012-1457
CVE-2012-1458
CVE-2012-1459
|
| Created: | June 18, 2012 |
Updated: | August 17, 2012 |
| Description: |
From the Mandriva advisory:
The TAR file parser in ClamAV 0.96.4 allows remote attackers to bypass
malware detection via a TAR archive entry with a length field that
exceeds the total TAR file size. NOTE: this may later be SPLIT into
multiple CVEs if additional information is published showing that the
error occurred independently in different TAR parser implementations
(CVE-2012-1457).
The Microsoft CHM file parser in ClamAV 0.96.4 allows remote attackers
to bypass malware detection via a crafted reset interval in the LZXC
header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs
if additional information is published showing that the error occurred
independently in different CHM parser implementations (CVE-2012-1458).
The TAR file parser in ClamAV 0.96.4 allows remote attackers to
bypass malware detection via a TAR archive entry with a length field
corresponding to that entire entry, plus part of the header of the
next entry. NOTE: this may later be SPLIT into multiple CVEs if
additional information is published showing that the error occurred
independently in different TAR parser implementations (CVE-2012-1459). |
| Alerts: |
|
( Log in to post comments)
|
|
|