FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

clamav -- Multiple Vulnerabilities

Affected packages
clamav < 0.88.1
clamav-devel <= 20051104_1

Details

VuXML ID 6a5174bd-c580-11da-9110-00123ffe8333
Discovery 2006-04-06
Entry 2006-04-06

Secunia reports:

Some vulnerabilities have been reported in ClamAV, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

An unspecified integer overflow error exists in the PE header parser in "libclamav/pe.c". Successful exploitation requires that the ArchiveMaxFileSize option is disabled.

Some format string errors in the logging handling in "shared/output.c" may be exploited to execute arbitrary code.

An out-of-bounds memory access error in the "cli_bitset_test()" function in "ibclamav/others.c" may be exploited to cause a crash.

References

CVE Name CVE-2006-1614
CVE Name CVE-2006-1615
CVE Name CVE-2006-1630
URL http://secunia.com/advisories/19534/
URL http://www.us.debian.org/security/2006/dsa-1024