I'm doing fuzzing tests on many programs. Yesterdays I tried ClamAV. I found a
bug in ole2 parser which can lead to DoS: eat 2 GB on hard drive and use CPU
during many minutes.
I built a .doc file of 87 KB with a property of 2 GB. The problem is that
property size is not checked. I don't know ClamAV but I think that size
bigger than 1 GB (or smaller) may be rejected. So OLE2 file with a property
size bigger than N bytes have to be rejected (N = min(filesize, maxsize)).
There is two problem:
- max property size
- loop in block chain
To build a 87 KB with a 2 GB property I created an unlimited chain in FAT
partition. So to fix the bug you can/should also check loop in block chain.
Contact me directly if you're a developer of ClamAV and you want my file.