PublicDateAtUSN: 2012-03-21
Candidate: CVE-2012-1458
PublicDate: 2012-03-21
References:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-1458
http://www.ieee-security.org/TC/SP2012/program.html
http://www.ubuntu.com/usn/usn-1482-1
Description:
The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0
allows remote attackers to bypass malware detection via a crafted reset
interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT
into multiple CVEs if additional information is published showing that the
error occurred independently in different CHM parser implementations.
Ubuntu-Description:
Notes:
Bugs:
https://bugzilla.clamav.net/show_bug.cgi?id=4626
Priority: medium
Discovered-by:
Assigned-to: mdeslaur
Patches_clamav:
upstream: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=a58b68f8adf2466b761ce05f74a4580c1f74fbe6
upstream: http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=9d6be7c56091f012e90074122db4ec12d3516011 (related)
upstream_clamav: released (0.97.5)
hardy_clamav: ignored (reached end-of-life)
lucid_clamav: released (0.96.5+dfsg-1ubuntu1.10.04.4)
maverick_clamav: ignored (reached end-of-life)
natty_clamav: released (0.97.5+dfsg-1ubuntu0.11.04.1)
oneiric_clamav: released (0.97.5+dfsg-1ubuntu0.11.10.1)
precise_clamav: released (0.97.5+dfsg-1ubuntu0.12.04.1)
devel_clamav: not-affected (0.97.5+dfsg-1ubuntu1)