
ClamAV < 0.93.1 memcpy() .chm File Handling DoS

High

Synopsis

The remote host is vulnerable to a Denial of Service (DoS) attack.

Description

The remote host is running a ClamAV client.

This version of ClamAV contains a flaw in the 'libclamav/chmunpack.c' file. Specifically, the application fails to adequately parse malformed '.chm' files. An attacker who sends a malformed '.chm' file to a server running ClamAV could crash the service.

Solution

Upgrade to version 0.93.1 or higher.