ClamAV versions up to 0.88.3 DoS
A Secunia bulletin earlier today alerted us to a potential denial of service in the popular open-source anti-virus package ClamAV. The vulnerability is in the pefromupx() routine, which unpacks UPX-packed PE executables. The advisory states that all versions up to, and including, 0.88.4 are vulnerable. The front page of states that the latest stable version is 0.88.4, but the "stable" page only mentions 0.88.3, released last month. The SourceForge download page lists a clamav-0.88.4.tar.gz (and .sig), but at the time of this writing, clicking on the link results in a "file not found" error. So it looks like they are scrambling to fix this one, and the new version should be available shortly.

Jim Clausing,  jclausing --at--


Aug 7th 2006
