–[ Synopsis:
Clamav uses an external unpacker, which can be deterministically crashed,
when processing corrupted LZH files.
–[ Affected Software:
–[ Non Affected Software:
–[ Impact:
Remote DoS, possibly remote code execution.
–[ Vendor response:
–[ Credits:
This vulnerability was discovered by Security Researcher
Jonathan Brossard from iViZ Techno Solutions Pvt. Ltd.
–[ Disclosure timeline:
–[ Reference:
http://www.ivizsecurity.com/security-advisory.html