clamav: DoS (CVE-2015-2170, CVE-2015-2221)
The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file (CVE-2015-2170). ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file (CVE-2015-2221).
CONFIRM:
http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html
http://ubuntu.com/usn/usn-2594-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2221
(from redmine: issue id 4236, created on 2015-05-22, closed on 2015-06-05)
- Relations:
- child #4237 (closed)
- child #4238 (closed)
- child #4239 (closed)
- child #4240 (closed)