[Bug 304017] [NEW] Recursive stack overflow in jpeg parsing code

Scott Kitterman ubuntu at kitterman.com
Mon Dec 1 15:03:51 UTC 2008


*** This bug is a security vulnerability ***

Public security bug reported:

Binary package hint: clamav

There is a recursive stack overflow in clamav 0.93.3 and 0.94 (and probably
older versions) in the jpeg parsing code.
It scans the jpeg file, and if there is a thumbnail, it'll scan that too. The
thumbnail itself is just another jpeg file and the same jpeg scanning function
gets called without checking any kind of recursion limit. This can easily lead
to a recursive stack overflow. The vulnerable code looks like:
clamav-0.94\libclamav\special.c
int cli_check_jpeg_exploit(int fd) <-- fd to jpeg file

Fixed upstream in 0.94.2

** Affects: clamav (Ubuntu)
     Importance: High
     Assignee: Scott Kitterman (kitterman)
         Status: Fix Released

** Affects: clamav (Ubuntu Intrepid)
     Importance: High
     Assignee: Scott Kitterman (kitterman)
         Status: In Progress

** Visibility changed to: Public

** Changed in: clamav (Ubuntu Intrepid)
   Importance: Undecided => High
     Assignee: (unassigned) => Scott Kitterman (kitterman)
       Status: New => In Progress

** Changed in: clamav (Ubuntu)
   Importance: Undecided => High
     Assignee: (unassigned) => Scott Kitterman (kitterman)
       Status: New => Fix Released

-- 
Recursive stack overflow in jpeg parsing code
https://bugs.launchpad.net/bugs/304017
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.

-- 
ubuntu-bugs mailing list
ubuntu-bugs at lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
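
The recursion limit the report says is missing, shown as an added example; it is not part of the original report and is not ClamAV's code. The names `scan_jpeg`, `build_nested` and `MAX_JPEG_DEPTH`, the limit of 4, and the modelling of a thumbnail as a JPEG stream embedded in an APP1 payload are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#define MAX_JPEG_DEPTH 4 /* assumed nesting limit, not ClamAV's value */
enum { SCAN_OK = 0, SCAN_MALFORMED = -1, SCAN_TOO_DEEP = -2 };

/* Segment walk; an SOI inside an APP1 payload (simplified thumbnail) is scanned one level deeper. */
int scan_jpeg(const uint8_t *buf, size_t len, unsigned depth)
{
    if (depth > MAX_JPEG_DEPTH) return SCAN_TOO_DEEP;  /* bound the recursion */
    if (len < 4 || buf[0] != 0xFF || buf[1] != 0xD8) return SCAN_MALFORMED;
    size_t pos = 2;                                    /* skip SOI */
    while (pos + 2 <= len) {
        if (buf[pos] != 0xFF) return SCAN_MALFORMED;
        if (buf[pos + 1] == 0xD9) return SCAN_OK;      /* EOI */
        if (len - pos < 4) return SCAN_MALFORMED;      /* truncated header */
        size_t seglen = ((size_t)buf[pos + 2] << 8) | buf[pos + 3];
        if (seglen < 2 || seglen > len - pos - 2) return SCAN_MALFORMED;
        const uint8_t *p = buf + pos + 4;              /* segment payload */
        for (size_t i = 0; buf[pos + 1] == 0xE1 && i + 1 < seglen - 2; i++) {
            if (p[i] == 0xFF && p[i + 1] == 0xD8) {    /* embedded SOI */
                int rc = scan_jpeg(p + i, seglen - 2 - i, depth + 1);
                if (rc != SCAN_OK) return rc;
                break;                                 /* one stream per segment */
            }
        }
        pos += 2 + seglen;
    }
    return SCAN_MALFORMED;                             /* no EOI before end of data */
}

/* Constructed sample: `levels` wrappers around an empty stream; needs 8*levels+4 bytes. */
size_t build_nested(uint8_t *out, unsigned levels)
{
    size_t n = 0;
    for (unsigned k = levels; k > 0; k--) {
        size_t seglen = 8 * (size_t)(k - 1) + 6;       /* nested stream + length field */
        out[n++] = 0xFF; out[n++] = 0xD8; out[n++] = 0xFF; out[n++] = 0xE1;
        out[n++] = (uint8_t)(seglen >> 8); out[n++] = (uint8_t)(seglen & 0xFF);
    }
    out[n++] = 0xFF; out[n++] = 0xD8;                  /* innermost SOI */
    for (unsigned k = 0; k <= levels; k++) { out[n++] = 0xFF; out[n++] = 0xD9; }
    return n;
}

int main(void)
{
    uint8_t b[64];                                     /* 5 levels need 44 bytes */
    return scan_jpeg(b, build_nested(b, 5), 0) == SCAN_TOO_DEEP ? 0 : 1;
}
```

Because the depth counter is passed down and checked before any parsing, stack use is bounded by `MAX_JPEG_DEPTH` frames regardless of how deeply the input nests.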



