Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

ClamAV < 0.99.1 Multiple Vulnerabilities

High

Synopsis

The specific version of ClamAV that the system is running is reportedly affected by multiple vulnerabilities.

Description

The specific version of ClamAV that the system is running is reportedly affected by the following vulnerabilities:

- ClamAV contains an unspecified off-by-one flaw in the htmlnorm functionality that may allow an attacker to cause an out-of-bounds write. No further details have been provided.

- ClamAV contains an out-of-bounds read flaw in the autoit functionality. This may allow a context-dependent attacker to crash the program or potentially disclose memory contents.

- ClamAV contains an out-of-bounds dereference issue that is triggered during the parsing of mbox files. This may allow a context-dependent attacker to have an unspecified impact.

- ClamAV contains a flaw that is triggered during the handling of a specially crafted 7z file. This may allow a context-dependent attacker to cause a memory overlay and crash the program, which can leave the system vulnerable to other attacks.

Solution

Upgrade to ClamAV 0.99.1 or higher.