[clamav-users] Possible problem with daily.cld 25460 / CVE-2019-0903
Karl Pielorz
kpielorz_lst at tdx.co.uk
Mon May 27 08:21:32 UTC 2019
--On 25 May 2019 at 22:24:32 -0700 Al Varnell via clamav-users
<clamav-users at lists.clamav.net> wrote:
> Appears to be a malformed hex string in 3rd logical expression:
>
> * SUBSIG ID 2
> +-> OFFSET: ANY
> +-> SIGMOD: NONE
> +-> DECODED SUBSIGNATURE:
> LibClamAV Error: cli_hex2ui(): Malformed hexstring: 1 (length: 1)
> ERROR: Decoding failed (1): <<4#ib4#>0xB1B0AFBA)
> ERROR: Decoding failed
Good find - but bit disappointing if it is that - and it didn't get caught
(e.g. by QC etc. - malformed hex should really be caught?) - also, nothing
back from any devs about this? (though realising it was a weekend) - but it
looks like it could potentially affect 'everyone' :(
-Karl
More information about the clamav-users
mailing list