Security Advisories

ClamAV LZH unpacking segmentation fault

Synopsis
ClamAV uses an external unpacker, which can be deterministically crashed, when processing corrupted LZH files.

Affected Software
ClamAV 0.93.3 and prior

Non Affected Software
ClamAV 0.94 and newer

Impact
Remote DoS, possibly remote code execution.

Vendor Response
"Support for external unpackers has been dropped in 0.94 for security issues"

Credits
This vulnerability was discovered by Security Researcher Jonathan Brossard from iViZ Techno Solutions Pvt. Ltd.

Disclosure Timeline
First private disclosure to vendor on October 14th 2008
