Technical Description

Multiple vulnerabilities have been identified in Clam AntiVirus (ClamAV), which could be exploited by remote attackers or malware to execute arbitrary code or cause a denial of service.

The first issue is caused by a file descriptor leak error in the "chm_decompress_stream()" [libclamav/chmunpack.c] function, which could be exploited by attackers to crash an affected system via a specially crafted CHM file.

The second vulnerability is caused by a buffer overflow error in the "cab_unstore()" [libclamav/cab.c] function when processing a negative value read from a CAB file, which could be exploited by attackers to crash an affected application or compromise a vulnerable system via a specially crafted CAB file.

Two other file descriptor leak errors have been identified in "libclamav/pdf.c" and "libclamav/lockdb.c".

Affected Products

Clam AntiVirus (ClamAV) version 0.90.1 and prior

Solution

Upgrade to Clam AntiVirus (ClamAV) version 0.90.2 :
http://sourceforge.net/projects/clamav/

References

http://www.vupen.com/english/advisories/2007/1378
http://sourceforge.net/project/shownotes.php?release_id=500765&group_id=86638
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=513

Credits

Vulnerabilities reported by the vendor and iDefense Labs

ChangeLog

2007-04-13 : Initial release
2007-04-16 : Updated References

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.