clamav: DoS (CVE-2015-2170, CVE-2015-2221)

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file (CVE-2015-2170). ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file (CVE-2015-2221).

CONFIRM: http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html
http://ubuntu.com/usn/usn-2594-1
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2170
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-2221

(from redmine: issue id 4236, created on 2015-05-22, closed on 2015-06-05)

• Relations:
  • child #4237 (closed)
  • child #4238 (closed)
  • child #4239 (closed)
  • child #4240 (closed)