Gentoo Linux Security Advisory GLSA 200809-18 - Multiple vulnerabilities in ClamAV may result in a Denial of Service. Hanno boeck reported an error in libclamav/chmunpack.c when processing CHM files (CVE-2008-1389). Other unspecified vulnerabilities were also reported, including a NULL pointer dereference in libclamav (CVE-2008-3912), memory leaks in freshclam/manager.c (CVE-2008-3913), and file descriptor leaks in libclamav/others.c and libclamav/sis.c (CVE-2008-3914). Versions less than 0.94 are affected.
0f8d8ad864ec3633e4123d3636f3ea400f7979db302a26062a9e318e73734b0fMandriva Linux Security Advisory - Multiple vulnerabilities were discovered in ClamAV and corrected with the 0.94 release. A vulnerability in ClamAV's chm-parser allowed remote attackers to cause a denial of service (application crash) via a malformed CHM file. A vulnerability in libclamav would allow attackers to cause a denial of service via vectors related to an out-of-memory condition. Multiple memory leaks were found in ClamAV that could possibly allow attackers to cause a denial of service via excessive memory consumption. A number of unspecified vulnerabilities in ClamAV were reported that have an unknown impact and attack vectors related to file descriptor leaks. Other bugs have also been corrected in 0.94 which is being provided with this update. Because this new version has increased the major of the libclamav library, updated dependent packages are also being provided. The previous update had experimental support enabled, which caused ClamAV to report the version as 0.94-exp rather than 0.94, causing ClamAV to produce bogus warnings about the installation being outdated. This update corrects that problem.
7fed0fc5a456da386e0f0d493038985b933c7c0ca06e6ca0f353d56bc41c15feMandriva Linux Security Advisory - Multiple vulnerabilities were discovered in ClamAV and corrected with A vulnerability in ClamAV's chm-parser allowed remote attackers to cause a denial of service (application crash) via a malformed CHM file. A vulnerability in libclamav would allow attackers to cause a denial of service via vectors related to an out-of-memory condition. Multiple memory leaks were found in ClamAV that could possibly allow attackers to cause a denial of service via excessive memory consumption. A number of unspecified vulnerabilities in ClamAV were reported that have an unknown impact and attack vectors related to file descriptor leaks. Other bugs have also been corrected in 0.94 which is being provided with this update. Because this new version has increased the major of the libclamav library, updated dependent packages are also being provided.
e3e5612fe4dc57594536a9fefd90bc594ac416af8c4f0962cb928ff5b41b7027Clam AntiVirus is an anti-virus toolkit for Unix. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a commandline scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use in your own software.
ae188c18936ea9154eb6a85ea553c29f4349ee3e95457055fae5fe1b981af602A fuzzing test against ClamAV versions below 0.94 discovered that they suffer from a chm file parsing vulnerability which can possibly be exploited.
e250a5f0d10ff7b3553d66f2c5e2679545b01252c627bd11aee974decdecce50
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed