Security vulnerability in ClamAV - Upack Processing Buffer Overflow!

Hi malware fighters,

As a lot of our users use ClamAV as a non-resident extra open source AV-solution next to their avast resident AV-solution, caution should be taken scanning certain files. A vulnerability is caused due to a boundary error within the “cli_scanpe()” function in libclamav/pe.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted “Upack” executable.

Users of ClamAV are advised NOT to scan PE files for the moment, because of a hole that attackers can exploit. This is until a patch can be applied, see:
http://secunia.com/advisories/29000/

polonus

Sometimes I wonder why, if it’s something critical like this, they must expose nearly complete ‘how2abuse’ details before the authors can release a fix …

especially if it’s from Secunia lab and the vulnerable software is OSS …

quite weird behavior