Critical : Clam AntiVirus (ClamAV) "cab_extract()" and "chm_decompress_stream()" Vulnerabilities
CVE ID : CVE-2007-1745 - CVE-2007-1997
Rated as : Critical
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-04-13

Technical Description
Multiple vulnerabilities have been identified in Clam AntiVirus (ClamAV), which could be exploited by remote attackers or malware to execute arbitrary code or cause a denial of service.
The first issue is caused by a file descriptor leak error in the "chm_decompress_stream()" [libclamav/chmunpack.c] function, which could be exploited by attackers to crash an affected system via a specially crafted CHM file.
The second vulnerability is caused by a buffer overflow error in the "cab_unstore()" and "cab_extract()" [libclamav/cab.c] functions when processing the CAB file offset, which could be exploited by attackers to crash an affected application or compromise a vulnerable system via a specially crafted CAB file.
Two other file descriptor leak errors have been identified in "libclamav/pdf.c" and "libclamav/lockdb.c".

Affected Products
Clam AntiVirus (ClamAV) version 0.90.1 and prior

Solution
Upgrade to Clam AntiVirus (ClamAV) version 0.90.2 : http://sourceforge.net/projects/clamav/

References
http://sourceforge.net/project/shownotes.php?release_id=500765&group_id=86638

Credits
Vulnerabilities reported by the vendor and iDefense Labs
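
Added example (not part of the original advisory and not ClamAV project code): a shell check that parses the scanner's version banner and flags releases older than 0.90.2, the fixed version given under Solution. The function names are illustrative and the two sample banners are constructed.

```shell
#!/bin/sh
FIXED_VERSION="0.90.2"   # fixed release named in the advisory

# Extract the version from a banner like "ClamAV 0.90.1/3025/Fri Apr 13 12:00:00 2007".
clamav_banner_version() {
    printf '%s\n' "$1" | sed -n 's/^ClamAV \([0-9][0-9A-Za-z.-]*\).*/\1/p'
}

# Return 0 when dotted version $1 is older than $2. Missing components count
# as 0, and a suffix such as "rc3" is dropped from a component.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        case $a in *.*) a=${a#*.} ;; *) a= ;; esac
        case $b in *.*) b=${b#*.} ;; *) b= ;; esac
        x=$(printf '%s' "$x" | sed 's/[^0-9].*//'); x=${x:-0}
        y=$(printf '%s' "$y" | sed 's/[^0-9].*//'); y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1
}

# 0 = affected (older than FIXED_VERSION), 1 = fixed or later, 2 = unparsable banner.
clamav_banner_is_affected() {
    v=$(clamav_banner_version "$1")
    [ -n "$v" ] || return 2
    version_lt "$v" "$FIXED_VERSION"
}

report() {
    rc=0
    clamav_banner_is_affected "$1" || rc=$?
    case $rc in
        0) echo "AFFECTED (older than $FIXED_VERSION): $1" ;;
        1) echo "ok ($FIXED_VERSION or later): $1" ;;
        *) echo "unrecognised banner: $1" ;;
    esac
}

# Constructed sample banners, then the locally installed scanner if there is one.
report "ClamAV 0.90.1/3025/Fri Apr 13 12:00:00 2007"
report "ClamAV 0.90.2/3100/Sat Apr 14 12:00:00 2007"
if command -v clamscan >/dev/null 2>&1; then
    report "$(clamscan --version 2>/dev/null)"
fi
```

Distribution packages sometimes carry backported fixes under an older upstream version number, so confirm an AFFECTED result against the package changelog.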