> Hi,
> here are the CVE ids for this:
>
> ======================================================
> Name: CVE-2008-6680
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6680
> Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1335
>
> libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause
> a denial of service (crash) via a crafted EXE file that triggers a
> divide-by-zero error.
>
>
> ======================================================
> Name: CVE-2009-1270
> Status: Candidate
> URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1270
> Reference: CONFIRM:https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1462
>
> libclamav/untar.c in ClamAV before 0.95 allows remote attackers to
> cause a denial of service (infinite loop) via a crafted file that
> causes (1) clamd and (2) clamscan to hang.
>
Thanks a lot for digging up these. A patched version is sitting in our repository and we'll soon send out the patch and upload request to the security team.

Best,
Michael