1
PublicDateAtUSN: 2012-03-21
2
Candidate: CVE-2012-1457
5
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1457
6
http://www.ieee-security.org/TC/SP2012/program.html
7
https://usn.ubuntu.com/usn/usn-1482-1
9
The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK
10
2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus
11
10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV
12
0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe
13
7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus
14
Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7
15
AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus
16
Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C,
17
Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32
18
Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5,
19
Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint
20
Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall
21
9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote
22
attackers to bypass malware detection via a TAR archive entry with a length
23
field that exceeds the total TAR file size. NOTE: this may later be SPLIT
24
into multiple CVEs if additional information is published showing that the
25
error occurred independently in different TAR parser implementations.
29
https://bugzilla.clamav.net/show_bug.cgi?id=4625
35
upstream: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=8e199ae3cfb2b862b8bc36d9a01c8f8d716169ab
36
upstream_clamav: released (0.97.5)
37
hardy_clamav: ignored (reached end-of-life)
38
lucid_clamav: released (0.96.5+dfsg-1ubuntu1.10.04.4)
39
maverick_clamav: ignored (reached end-of-life)
40
natty_clamav: released (0.97.5+dfsg-1ubuntu0.11.04.1)
41
oneiric_clamav: released (0.97.5+dfsg-1ubuntu0.11.10.1)
42
precise_clamav: released (0.97.5+dfsg-1ubuntu0.12.04.1)
43
devel_clamav: not-affected (0.97.5+dfsg-1ubuntu1)