icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons icons_061

ClamAV < 0.97.7 Multiple Vulnerabilities

Medium

Synopsis

The remote host is running an anti-virus application that is affected by multiple vulnerabilities

Description

Versions of ClamAV earlier than 0.97.7 are potentially affected by the following vulnerabilities :

- A memory access error exists related to the function 'check_user_password' and debug-printing that could access 32 bytes rather than the proper 16 bytes. (Issue 6804)

- A heap-corruption error exists in the function 'wwunpack' in the file 'libclamav/wwunpack.c' related to unpacking 'WWPack' files. (Issue 6806)

- An unspecified overflow error exists related to 'y0da' emulation that could result in application crashes or other unspecified impact. (Issue 6809)

- A double-free error exists in the function 'unrar_extract_next_prepare' in the file 'libclamunrar_iface/unrar_iface.c' related to handling 'RAR' files

Solution

Upgrade to ClamAV 0.97.7 or later.