CVE-2012-1457 (retired)

Priority
Description
The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK
2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus
10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV
0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe
7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus
Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7
AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus
Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C,
Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32
Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5,
Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint
Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall
9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote
attackers to bypass malware detection via a TAR archive entry with a length
field that exceeds the total TAR file size. NOTE: this may later be SPLIT
into multiple CVEs if additional information is published showing that the
error occurred independently in different TAR parser implementations.
Assigned-to
mdeslaur
Package
Upstream:released (0.97.5)
Ubuntu 12.04 ESM (Precise Pangolin):not-affected (0.97.5+dfsg-1ubuntu1)
Patches:
Upstream:http://git.clamav.net/gitweb?p=clamav-devel.git;a=commit;h=8e199ae3cfb2b862b8bc36d9a01c8f8d716169ab
More Information

Updated: 2019-03-26 12:01:16 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)