iViZ Security

Security Advisories

AVG antivirus for Linux

Synopsis

AVG antivirus can be deterministically forced to crash (segmentation fault) when analyzing corrupted UPX files.

Affected Software

AVG for Linux version 7.5.51 (current), possibly others.

Impact

Remote DoS, possibly remote code execution.

Vendor Response

None.

Credits

This vulnerability was discovered by Security Researcher Jonathan Brossard from iViZ Techno Solutions Pvt. Ltd.

Disclosure Timeline

First attempt to contact the vendor on September 18th 2008.
Received an automated reply on September 18th 2008.
No actual response from vendor in spite of our multiple emails.


