* Michael Tautschnig:
> +--- a/libclamav/vba_extract.c 2008-11-11 01:25:27.000000000 +0100
> ++++ b/libclamav/vba_extract.c 2008-11-11 01:26:24.000000000 +0100
> +@@ -110,7 +110,7 @@
> + return NULL;
> + }
> +
> +- newname = (char *) cli_malloc(size*7);
> ++ newname = (char *) cli_malloc(size*7+1);
> + if (!newname) {
> + return NULL;
> + }
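Review bot: The size computation in cli_malloc(size*7+1) is still unchecked arithmetic; nothing in this hunk bounds size before the multiplication, so the allocation is only correct if every caller passes a small value. Consider rejecting a size above a fixed limit before the allocation (or verifying that size*7+1 does not wrap) so the function is safe regardless of its callers. The hunk also gives no reason for the extra byte; a short comment stating what the +1 is reserved for would help the next reader confirm the buffer is now sized correctly.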
This does look like a potential integer overflow, but according to a
quick check, it's okay because all callers use something coming from a
16-bit unsigned value.
Has a CVE been assigned in the meantime?
_______________________________________________
Pkg-clamav-devel mailing list
[email protected]
http://lists.alioth.debian.org/mailman/listinfo/pkg-clamav-devel