On 2008-12-05 20:15, Dominic Hargreaves wrote: > On Thu, Dec 04, 2008 at 09:26:17AM +0100, Florian Weimer wrote: > > >> Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers >> from an off-by-one-error in its VBA project file processing, leading to >> a heap-based buffer overflow and potentially arbitrary code execution >> (CVE-2008-5050). >> >> Ilja van Sprundel discovered that ClamAV contains a denial of service >> condition in its JPEG file processing because it does not limit the >> recursion depth when processing JPEG thumbnails (CVE-2008-5314). >> >> For the stable distribution (etch), these problems have been fixed in >> version 0.90.1dfsg-4etch16. >> >> For the unstable distribution (sid), these problems have been fixed in >> version 0.94.dfsg.2-1. >> > > This looks like quite a serious bug (remote arbitrary code execution). > Are there any plans for an update to volatile?
A zero is written past end of allocated heap memory, and not an arbitrary/attacker-controlled character. I don't see how you can execute arbitrary code with that. Best regards, --Edwin -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
