icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

ClamAV < 0.94 Multiple Vulnerabilities

High

Synopsis

The remote antivirus service is affected by multiple issues.

Description

According to its version, the clamd antivirus daemon on the remote host is earlier than 0.94. Such versions are affected by one or more of the following issues :

- A segmentation fault can occur when processing corrupted LZH files. (Bug #1052)

- Invalid memory access errors in 'libclamav/chmunpack.c' when processing malformed CHM files may lead to a crash. (Bug #1089)

- An out-of-memory null dereference issue exists in 'libclamav/message.c' / 'libclamav/mbox.c'. (Bug #1141)

- Possible error path memory leaks exist in 'freshclam/manager.c'. (Bug #1141)

- There is an invalid close on error path in 'shared/tar.c'. (Bug #1141)

- There are multiple file descriptor leaks involving the 'error path' in 'libclamav/others.c' and 'libclamav/sis.c'. (Bug #1141).

Solution

Upgrade to version 0.94 or higher.