ClamAV < 0.99.1 Multiple Vulnerabilities
High Log Correlation Engine Plugin ID 802032
SynopsisThe specific version of ClamAV that the system is running is reportedly affected by multiple vulnerabilities.
DescriptionThe specific version of ClamAV that the system is running is reportedly affected by the following vulnerabilities:
- ClamAV contains an unspecified off-by-one flaw in the htmlnorm functionality that may allow an attacker to cause an out-of-bounds write. No further details have been provided.
- ClamAV contains an out-of-bounds read flaw in the autoit functionality. This may allow a context-dependent attacker to crash the program or potentially disclose memory contents.
- ClamAV contains an out-of-bounds dereference issue that is triggered during the parsing of mbox files. This may allow a context-dependent attacker to have an unspecified impact.
- ClamAV contains a flaw that is triggered during the handling of a specially crafted 7z file. This may allow a context-dependent attacker to cause a memory overlay and crash the program, which can leave the system vulnerable to other attacks.
SolutionUpgrade to ClamAV 0.99.1 or higher.