*** This bug is a security vulnerability ***
Public security bug reported:
Binary package hint: clamav
There is a recursive stack overflow in clamav 0.93.3 and 0.94 (and probably
older versions) in the jpeg parsing code.
it scan's the jpeg file, and if there is a thumbnail, it'll scan that too. the
thumbnail itself is just another jpeg
file and the same jpeg scanning function gets called without checking any kind
of recurising limit. this can easely
lead to a recurisive stack overflow. the vulnerable code looks like:
clamav-0.94\libclamav\special.c
int cli_check_jpeg_exploit(int fd) <-- fd to jpeg file
Fixed upstream in 0.94.2
** Affects: clamav (Ubuntu)
Importance: High
Assignee: Scott Kitterman (kitterman)
Status: Fix Released
** Affects: clamav (Ubuntu Intrepid)
Importance: High
Assignee: Scott Kitterman (kitterman)
Status: In Progress
** Visibility changed to: Public
** Changed in: clamav (Ubuntu Intrepid)
Importance: Undecided => High
Assignee: (unassigned) => Scott Kitterman (kitterman)
Status: New => In Progress
** Changed in: clamav (Ubuntu)
Importance: Undecided => High
Assignee: (unassigned) => Scott Kitterman (kitterman)
Status: New => Fix Released
--
Recursive stack overflow in jpeg parsing code
https://bugs.launchpad.net/bugs/304017
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
