Summary
The remote host is probably affected by the vulnerabilities described in CVE-2007-6335, CVE-2007-6336, CVE-2007-6337, CVE-2008-0318, CVE-2008-1100, CVE-2008-1387 and CVE-2008-2713.
Impact
CVE-2008-2713
libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read.
CVE-2008-1387
ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
CVE-2008-1100
Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file.
CVE-2008-0318
Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.
CVE-2007-6337
Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors.
CVE-2007-6336
Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.
CVE-2007-6335
Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.
Solution
All ClamAV users should upgrade to the latest version:
References
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6335
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6336
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6337
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-0318
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1100
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1387
- http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2713
Updated on 2015-03-25
Severity
Classification
- CVE: CVE-2007-6335, CVE-2007-6336, CVE-2007-6337, CVE-2008-0318, CVE-2008-1100, CVE-2008-1387, CVE-2008-2713
- CVSS Base Score: 10.0
- CVSS Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C