FreeBSD : clamav -- possible heap overflow in the UPX code (612a34ec-81dc-11da-a043-0002a5c3d308)
High Nessus Plugin ID 21439
The remote FreeBSD host is missing one or more security-related updates.
The Zero Day Initiative reports : This vulnerability allows remote attackers to execute arbitrary code on vulnerable Clam AntiVirus installations. Authentication is not required to exploit this vulnerability. This specific flaw exists within libclamav/upx.c during the unpacking of executable files compressed with UPX. Due to an invalid size calculation during a data copy from the user-controlled file to heap allocated memory, an exploitable memory corruption condition is created.