The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression.
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "clamav", "binary_version": "0.99.2+addedllvm-0ubuntu0.14.04.2" }, { "binary_name": "clamav-base", "binary_version": "0.99.2+addedllvm-0ubuntu0.14.04.2" }, { "binary_name": "clamav-daemon", "binary_version": "0.99.2+addedllvm-0ubuntu0.14.04.2" }, { "binary_name": "clamav-daemon-dbgsym", "binary_version": "0.99.2+addedllvm-0ubuntu0.14.04.2" }, { "binary_name": "clamav-dbg", "binary_version": "0.99.2+addedllvm-0ubuntu0.14.04.2" }, { "binary_name": "clamav-dbgsym", "binary_version": "0.99.2+addedllvm-0ubuntu0.14.04.2" }, { "binary_name": "clamav-docs", "binary_version": "0.99.2+addedllvm-0ubuntu0.14.04.2" }, { "binary_name": "clamav-freshclam", "binary_version": "0.99.2+addedllvm-0ubuntu0.14.04.2" }, { "binary_name": "clamav-freshclam-dbgsym", "binary_version": "0.99.2+addedllvm-0ubuntu0.14.04.2" }, { "binary_name": "clamav-milter", "binary_version": "0.99.2+addedllvm-0ubuntu0.14.04.2" }, { "binary_name": "clamav-milter-dbgsym", "binary_version": "0.99.2+addedllvm-0ubuntu0.14.04.2" }, { "binary_name": "clamav-testfiles", "binary_version": "0.99.2+addedllvm-0ubuntu0.14.04.2" }, { "binary_name": "libclamav-dev", "binary_version": "0.99.2+addedllvm-0ubuntu0.14.04.2" }, { "binary_name": "libclamav-dev-dbgsym", "binary_version": "0.99.2+addedllvm-0ubuntu0.14.04.2" }, { "binary_name": "libclamav7", "binary_version": "0.99.2+addedllvm-0ubuntu0.14.04.2" }, { "binary_name": "libclamav7-dbgsym", "binary_version": "0.99.2+addedllvm-0ubuntu0.14.04.2" } ] }
{ "ubuntu_priority": "medium", "availability": "No subscription required", "binaries": [ { "binary_name": "clamav", "binary_version": "0.99.2+dfsg-0ubuntu0.16.04.2" }, { "binary_name": "clamav-base", "binary_version": "0.99.2+dfsg-0ubuntu0.16.04.2" }, { "binary_name": "clamav-daemon", "binary_version": "0.99.2+dfsg-0ubuntu0.16.04.2" }, { "binary_name": "clamav-daemon-dbgsym", "binary_version": "0.99.2+dfsg-0ubuntu0.16.04.2" }, { "binary_name": "clamav-dbg", "binary_version": "0.99.2+dfsg-0ubuntu0.16.04.2" }, { "binary_name": "clamav-dbgsym", "binary_version": "0.99.2+dfsg-0ubuntu0.16.04.2" }, { "binary_name": "clamav-docs", "binary_version": "0.99.2+dfsg-0ubuntu0.16.04.2" }, { "binary_name": "clamav-freshclam", "binary_version": "0.99.2+dfsg-0ubuntu0.16.04.2" }, { "binary_name": "clamav-freshclam-dbgsym", "binary_version": "0.99.2+dfsg-0ubuntu0.16.04.2" }, { "binary_name": "clamav-milter", "binary_version": "0.99.2+dfsg-0ubuntu0.16.04.2" }, { "binary_name": "clamav-milter-dbgsym", "binary_version": "0.99.2+dfsg-0ubuntu0.16.04.2" }, { "binary_name": "clamav-testfiles", "binary_version": "0.99.2+dfsg-0ubuntu0.16.04.2" }, { "binary_name": "clamdscan", "binary_version": "0.99.2+dfsg-0ubuntu0.16.04.2" }, { "binary_name": "clamdscan-dbgsym", "binary_version": "0.99.2+dfsg-0ubuntu0.16.04.2" }, { "binary_name": "libclamav-dev", "binary_version": "0.99.2+dfsg-0ubuntu0.16.04.2" }, { "binary_name": "libclamav-dev-dbgsym", "binary_version": "0.99.2+dfsg-0ubuntu0.16.04.2" }, { "binary_name": "libclamav7", "binary_version": "0.99.2+dfsg-0ubuntu0.16.04.2" }, { "binary_name": "libclamav7-dbgsym", "binary_version": "0.99.2+dfsg-0ubuntu0.16.04.2" } ] }