VULHUB ™

iDEFENSE Security Advisory 11.04.05 - Remote exploitation of a design error in Clam AntiVirus ClamAV allows attackers to cause a denial of service (DoS) condition. The vulnerability specifically exists in the tnef_attachment function within tnef.c. A user controlled value is used to fseek into the file that is being processed; this allows a user to specify the same block for scanning repeatedly, thus leading to an infinite loop. iDEFENSE has confirmed this vulnerability on ClamAV 0.86.1. All previous versions are suspected vulnerable to this issue.

iDEFENSE Security Advisory 11.04.05 - Remote exploitation of a design error in Clam AntiVirus ClamAV allows attackers to cause a denial of service (DoS) condition. The vulnerability specifically exists in the tnef_attachment function within tnef.c. A user controlled value is used to fseek into the file that is being processed; this allows a user to specify the same block for scanning repeatedly, thus leading to an infinite loop. iDEFENSE has confirmed this vulnerability on ClamAV 0.86.1. All previous versions are suspected vulnerable to this issue.