Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) prior to 0.90.2 allow remote malicious users to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
clam anti-virus clamav 0.90_rc2 |
||
clam anti-virus clamav 0.90_rc3 |
||
clam anti-virus clamav 0.90.2 |
||
clam anti-virus clamav 0.90_rc1.1 |
||
clam anti-virus clamav 0.90 |
||
clam anti-virus clamav 0.90.1 |