A vulnerability was found in SourceFire ClamAV 0.97.6 (Anti-Malware Software). It has been rated as very critical. This issue affects the function wwunpack in the library libclamav/wwunpack.c of the component WWPack File Handler. The manipulation with an unknown input leads to a memory corruption vulnerability. Using CWE to declare the problem leads to CWE-119. The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer. Impacted is confidentiality, integrity, and availability.

The weakness was disclosed 03/15/2013 by Felix Groebert, Mateusz Jurczyk and Gynvael Coldwind as Further issue details about flaws corrected in upstream ClamAV 0.97.7 version as not defined mailinglist post (oss-sec). It is possible to read the advisory at seclists.org. The public release has been coordinated in cooperation with SourceFire. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Technical details of the vulnerability are known, but there is no available exploit. The pricing for an exploit might be around USD $0-$5k at the moment (estimation calculated on 05/10/2019).

Upgrading to version 0.97.7 eliminates this vulnerability. The upgrade is hosted for download at downloads.sourceforge.net. A possible mitigation has been published immediately after the disclosure of the vulnerability.

github.com is providing further details. The entry 8028 is pretty similar.

Productinfo

Type

• Anti-Malware Software

Vendor

• SourceFire

Name

• ClamAV

Version

• 0.97.6

License

• free

CPE 2.3info

• 🔍

CPE 2.2info

• 🔍

CVSSv4info

CVSSv3info

CVSSv2info

Exploitinginfo

Threat Intelligenceinfo

Countermeasuresinfo

Timelineinfo

Sourcesinfo

Entryinfo

Discussion