ClamAV is vulnerable to Denial of Service.
|Package||app-antivirus/clamav on all architectures|
|Affected versions||< 0.88.7|
|Unaffected versions||>= 0.88.7|
ClamAV is a GPL virus scanner.
Hendrik Weimer discovered that ClamAV fails to properly handle deeply nested MIME multipart/mixed content.
By sending a specially crafted email with deeply nested MIME multipart/mixed content an attacker could cause ClamAV to crash.
There is no known workaround at this time.
All ClamAV users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.7"
December 18, 2006
December 18, 2006: 01