ClamAV 0.94.2 resolves buffer overflow when scanning JPGs
With the release of version 0.94.2, the developers of ClamAV have fixed a flaw that could crash the scanner when it is parsing malformed JPEGs. This is caused by a recursive buffer overflow that occurs when scanning thumbnails contained in the images. The thumbnails themselves are JPEGs, and they are checked by the same ClamAV function, cli_check_jpeg_exploit in libclamav/special.c, used to check the original images.
The report says that the thumbnail can contain a further thumbnail which, because there are no recursion limits, will result in an overflow if malformed images are scanned. The update sets a recursion limit.
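The following sketch illustrates the kind of fix described above: a segment walker that recurses into an embedded JPEG thumbnail and refuses to go deeper than a fixed limit. It is an added example, not ClamAV's code; the names scan_jpeg and scan_nested, the limit MAX_THUMB_DEPTH and the choice of a JFXX (APP0) JPEG-encoded thumbnail as the nesting point are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
#define MAX_THUMB_DEPTH 3  /* assumed limit for this sketch, not ClamAV's value */
enum { SCAN_OK = 0, SCAN_MALFORMED = -1, SCAN_TOO_DEEP = -2 };

/* Walk JPEG segments; recurse into a JPEG-encoded JFXX (APP0) thumbnail. */
int scan_jpeg(const uint8_t *buf, size_t len, unsigned depth)
{
    if (depth > MAX_THUMB_DEPTH)
        return SCAN_TOO_DEEP;          /* refuse before using more stack */
    if (len < 2 || buf[0] != 0xFF || buf[1] != 0xD8)
        return SCAN_MALFORMED;         /* missing SOI marker */
    size_t pos = 2;
    while (pos + 4 <= len) {
        if (buf[pos] != 0xFF)
            return SCAN_MALFORMED;
        uint8_t marker = buf[pos + 1];
        if (marker == 0xD9 || marker == 0xDA)
            return SCAN_OK;            /* EOI, or entropy-coded data begins */
        size_t seglen = ((size_t)buf[pos + 2] << 8) | buf[pos + 3];
        if (seglen < 2 || seglen > len - pos - 2)
            return SCAN_MALFORMED;     /* segment must fit in the buffer */
        const uint8_t *body = buf + pos + 4;
        size_t blen = seglen - 2;
        if (marker == 0xE0 && blen > 6 && !memcmp(body, "JFXX", 5) && body[5] == 0x10) {
            int rc = scan_jpeg(body + 6, blen - 6, depth + 1);
            if (rc != SCAN_OK) return rc;  /* propagate thumbnail failure */
        }
        pos += 2 + seglen;
    }
    return SCAN_OK;
}

/* Constructed sample: build a JPEG nested `levels` thumbnails deep, then scan it. */
int scan_nested(unsigned levels)
{
    static uint8_t img[2048];
    size_t n = 4;
    memcpy(img, "\xFF\xD8\xFF\xD9", 4);            /* innermost: SOI + EOI */
    for (; levels > 0 && n + 14 <= sizeof img; levels--) {
        uint8_t hdr[12] = { 0xFF, 0xD8, 0xFF, 0xE0, (uint8_t)((n + 8) >> 8),
                            (uint8_t)(n + 8), 'J', 'F', 'X', 'X', 0, 0x10 };
        memmove(img + 12, img, n);                 /* make room for the wrapper */
        memcpy(img, hdr, 12);
        img[12 + n] = 0xFF; img[13 + n] = 0xD9;    /* outer EOI */
        n += 14;
    }
    return scan_jpeg(img, n, 0);
}
```

Without the depth check at the top of scan_jpeg, each nested thumbnail adds another stack frame, so the nesting in the input alone decides how much stack the scanner consumes.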
ClamAV has been using Twitter since the beginning of November to keep users informed of the latest developments, such as the release of new signatures.
See also:
- File Release Notes and Changelog, details of ClamAV 0.94.2
- recursive stack overflow in jpeg parsing code, security advisory in ClamAV database
(djwm)