BitDefender, GSView and cURL are vulnerable due to obsolete compression library

Vulnerabilities that were discovered several years ago in the zlib compression library continue to have potentially far-reaching implications. Stefan Kanthak has now discovered vulnerable zlib versions in the BitDefender 10 "Free Edition" virus scanner, the GSView 4.8 graphical interface for the Ghostscript postcript interpreter, and the cURL 7.17.0 download tool. The vulnerabilities could be exploited to allow attackers to remotely execute arbitrary code with user privileges with the help of specially crafted documents.

BitDefender scanner's zlib DLL file, which has version 1.1.3 and is dated to 1998, contains a critical double free bug (CA-2002-07). BitDefender 7.2 and 8.0 apparently also contain the vulnerable zlib version. The latest Windows versions of GSView and cURL are based on zlib 1.2.2, which is vulnerable to buffer overflows (CVE-2005-2096). It is possible that older versions and the commercial versions of BitDefender – and not just the ones that were examined by Kanthak – are affected as well.

Kanthak used an interesting method to unearth some of the vulnerable libraries: he fed the open source Clam AntiVirus program with specially crafted signatures for the vulnerable zlib versions. The signatures were published by security expert Florian Weimer two years ago. Kanthak decided, as he told heise security, to release the information prior to update availability, because vendors have not answered his e-mails regarding the issue for over a year. Therefore, the only thing that guarantees reliable protection by now is to uninstall the vulnerable applications.

See also:

• Softwin's anti-virus BitDefender contains vulnerable zlib (CA-2002-07), by Stefan Kanthak
• Windows binary of "GSview 4.8" contain vulnerable zlib (CAN-2005-2096), by Stefan Kanthak
• Official Windows binaries of "curl" contain vulnerable zlib 1.2.2 (CAN-2005-2096), by Stefan Kanthak

(mba)