CVE-2012-1419

Description

The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

Affected products

• cat / quick_heal11.00 – 11.00
• ClamAV / ClamAV0.96.4 – 0.96.4

References

• MISChttp://www.securityfocus.com/archive/1/522005
• MISChttp://www.securityfocus.com/bid/52572
• MISChttp://osvdb.org/80409
• MISChttp://www.ieee-security.org/TC/SP2012/program.html