Gentoo Linux Security Advisory 201009-6 - Multiple vulnerabilities have been reported in Clam AntiVirus. Versions less than 0.96.1 are affected.
29bc3e802eed31e1ea30d7fbff434641cd4cd7678f94999a5dbf9a4ba1bef742
Mandriva Linux Security Advisory 2010-110 - The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length. Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling. This update provides clamav 0.96.1 which is not vulnerable to these issues.
8265db2be8f314e34b496a700d50e5bbb34294ef05e4b5aa3d2947737ecefc69
Ubuntu Security Notice 945-1 - It was discovered that ClamAV did not properly reallocate memory when processing certain PDF files. A remote attacker could send a specially crafted PDF and crash ClamAV. An out of bounds memory access flaw was discovered in ClamAV. A remote attacker could send a specially crafted Portable Executable (PE) file and crash ClamAV. This issue only affected Ubuntu 10.04 LTS.
cc7d52c9fd696386c5ee3ad281de63e4fe60807ff4ac7374646f205fcc5e26d7