Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

ClamAV < 0.97 Multiple Vulnerabilities

High

Synopsis

The remote host is running an anti-virus application that is vulnerable to multiple attack vectors.

Description

Versions of ClamAV earlier than 0.97 are potentially affected by multiple vulnerabilities :

- As-yet unspecified double-free issue involving an error path exists in 'libclamav/vba_extract.c' and 'shared/cdiff.c'. (Bug 2486 and report from <mt*debian.org>) ,br. - 'libclamav/pdf.c' may miss detection. (Bug 2455)

- Multiple as-yet unspecified error path leaks exist in 'clamav-milter/whitelist.c', 'clamscan/manager.c' and 'libclamav/sis.c'. (Report from <mt*debian.org>)

Solution

Upgrade to ClamAV 0.97 or later.