ClamAV PeSpin and Archives Processing Multiple Vulnerabilities

Last Update Date: 28 Jan 2011 Release Date: 16 Apr 2008 5284 Views

RISK: Medium Risk

Medium Risk

Multiple vulnerabilities have been identified in ClamAV (Clam AntiVirus), which could be exploited by attackers or malware to cause a denial of service or compromise a vulnerable system.

1. Due to a heap overflow error in "libclamav/spin.c" when processing malformed PeSpin executable files, which could be exploited by attackers to execute arbitrary commands by tricking a vulnerable application into scanning a specially crafted file.

2. Due to an error when processing malformed ARJ archives, which could be exploited to cause an affected application to exhaust all available memory resources.

3. Due to an errors when processing malformed RAR archives, which could be exploited to cause an affected application to crash, creating a denial of service condition.

Impact

  • Denial of Service
  • Remote Code Execution

System / Technologies affected

  • ClamAV versions prior to 0.93

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

Vulnerability Identifier

Source

Related Link

Share with

Previous

ClamAV Upack Executable Processing Buffer Overflow Vulnerability

15 Apr 2008 5317 Views

Next

DivX Player Subtitle Parsing Client-Side Buffer Overflow Vulnerability

17 Apr 2008 5295 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY