Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

ClamAV < 0.94.2 cli_check_jpeg_exploit() Malformed JPEG File DoS (deprecated)

Medium

Synopsis

The remote antivirus service is vulnerable to a denial of service attack.

Description

According to its version, the clamd antivirus daemon on the remote host is earlier than 0.94.2. There is a recursive stack overflow involving the JPEG parsing code in such versions. A remote attacker may be able to leverage this issue to cause the application to recursively scan a specially crafted JPEG, which will eventually cause it to crash.

Solution

Upgrade to version 0.94.2 or higher.