Vigil@nce - ClamAV: denial of service via an icon
May 2010 by Vigil@nce
This bulletin was written by Vigil@nce: http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can send a PE file with a malicious icon, in order to
stop ClamAV.
Severity: 1/4
Creation date: 24/05/2010
DESCRIPTION OF THE VULNERABILITY
The PE format is used by Windows executable programs. It can
contain icons.
The parseicon() function of the libclamav/pe_icons.c file
resizes (scales) icons. However, a computation error in this
scaling causes a read from an invalid memory address.
An attacker can therefore send a PE file with a malicious icon, in
order to stop ClamAV.
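To illustrate the bug class behind this advisory (an icon scaler reading outside the icon's pixel buffer), here is an added example of a bounds-checked nearest-neighbour scaler; it is not ClamAV's code nor its fix, and the icon_t record and all sample pixel values are constructed for the example.

```c
#include <stdint.h>
#include <stddef.h>
/* Hypothetical icon record: header-declared size plus the pixels actually present. */
typedef struct {
    uint32_t w, h;        /* dimensions claimed by the resource header */
    const uint32_t *px;   /* 32-bit pixel buffer as found in the file */
    size_t len;           /* number of pixels really available in px */
} icon_t;

/* Nearest-neighbour scale of src into dst (dst_w x dst_h). Returns 0 on success, -1 when
 * the declared size is not backed by the buffer or a computed source index would land
 * outside it: header fields come from the file, so they are never trusted on their own. */
int scale_icon_checked(const icon_t *src, uint32_t dst_w, uint32_t dst_h, uint32_t *dst)
{
    if (!src || !src->px || !dst || !src->w || !src->h || !dst_w || !dst_h)
        return -1;
    if ((uint64_t)src->w * src->h > src->len)    /* truncated file or lying header */
        return -1;
    for (uint32_t y = 0; y < dst_h; y++) {
        uint64_t sy = (uint64_t)y * src->h / dst_h;     /* 64-bit: no wrap-around */
        for (uint32_t x = 0; x < dst_w; x++) {
            uint64_t sx  = (uint64_t)x * src->w / dst_w;
            uint64_t idx = sy * src->w + sx;
            if (sy >= src->h || sx >= src->w || idx >= src->len)
                return -1;                               /* never read past px */
            dst[(size_t)y * dst_w + x] = src->px[idx];
        }
    }
    return 0;
}

/* Constructed sample icon: 4x4, each pixel holds its own index. */
static const uint32_t sample_px[16] = { 0,1,2,3,4,5,6,7,8,9,10,11,12,13,14,15 };

/* Scale the sample to 2x2 and return the pixel at (col,row), or -1 on error. */
long sample_scaled_pixel(uint32_t col, uint32_t row)
{
    icon_t ic = { 4, 4, sample_px, 16 };
    uint32_t out[4];
    if (col > 1 || row > 1 || scale_icon_checked(&ic, 2, 2, out) != 0)
        return -1;
    return (long)out[row * 2 + col];
}

/* Header claims 4x4 but only 8 pixels are present: must be rejected, not read. */
int sample_truncated_rejected(void)
{
    icon_t ic = { 4, 4, sample_px, 8 };
    uint32_t out[4];
    return scale_icon_checked(&ic, 2, 2, out) == -1;
}
```

The truncated case is the one a scanner must survive: a file whose header promises more icon data than it carries should yield a parse error, not a read beyond the buffer.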
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/ClamAV-denial-of-service-via-an-icon-9661