
Re: [SECURITY] [DSA 1680-1] New clamav packages fix potential code execution



On 2008-12-05 20:15, Dominic Hargreaves wrote:
> On Thu, Dec 04, 2008 at 09:26:17AM +0100, Florian Weimer wrote:
>
>> Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers
>> from an off-by-one-error in its VBA project file processing, leading to
>> a heap-based buffer overflow and potentially arbitrary code execution
>> (CVE-2008-5050).
>>
>> Ilja van Sprundel discovered that ClamAV contains a denial of service
>> condition in its JPEG file processing because it does not limit the
>> recursion depth when processing JPEG thumbnails (CVE-2008-5314).
>>
>> For the stable distribution (etch), these problems have been fixed in
>> version 0.90.1dfsg-4etch16.
>>
>> For the unstable distribution (sid), these problems have been fixed in
>> version 0.94.dfsg.2-1.
>
> This looks like quite a serious bug (remote arbitrary code execution).
> Are there any plans for an update to volatile?

A zero is written past the end of allocated heap memory, and not an
arbitrary/attacker-controlled character.
I don't see how you can execute arbitrary code with that.

Best regards,
--Edwin

