mirror of
https://github.com/Cisco-Talos/clamav.git
synced 2026-05-01 04:06:45 -04:00
1c6746853f
There is a possible overflow read when loading PDB and WDB phishing signatures. This issue is not a vulnerability. Changed const char pointers to uint8_t pointers when they are to be used with data, as well as removing asserts and adding additional error checking. Thank you Michał Dardas for reporting this issue. This fix also resolves: - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43845 - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43812 - https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=43866 This commit also fixes a minor leak of pattern matching trans nodes that was observed when testing with the MPOOL module disabled.