ClamAV: Denial of Service — GLSA 200612-18

ClamAV is vulnerable to Denial of Service.

Affected Packages

app-antivirus/clamav on all architectures
Affected versions < 0.88.7
Unaffected versions >= 0.88.7

Background

ClamAV is a GPL virus scanner.

Description

Hendrik Weimer discovered that ClamAV fails to properly handle deeply nested MIME multipart/mixed content.

Impact

By sending a specially crafted email with deeply nested MIME multipart/mixed content, an attacker could cause ClamAV to crash.
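As an added example (not part of the advisory and not ClamAV code), the following Python function measures how deeply multipart containers are nested in a raw message, which is useful when logging or triaging mail that a scanner failed on. It uses an explicit stack instead of recursion and stops once an assumed limit is exceeded; `MAX_DEPTH`, the function names and the sample message are assumptions made for illustration.

```python
import re

MAX_DEPTH = 16  # assumed policy limit; the advisory does not state a depth

_BOUNDARY = re.compile(
    r'^content-type:[ \t]*multipart/[^;\n]*;.*?\bboundary[ \t]*=[ \t]*'
    r'(?:"([^"\n]+)"|([^\s;]+))', re.IGNORECASE | re.MULTILINE)

def _declared_boundary(header_lines):
    """Return the multipart boundary declared in one header block, or None."""
    block = re.sub(r"\n[ \t]+", " ", "\n".join(header_lines))  # unfold headers
    m = _BOUNDARY.search(block)
    return (m.group(1) or m.group(2)) if m else None

def multipart_depth(raw, limit=MAX_DEPTH):
    """Max multipart nesting depth of a raw message; stops once past limit."""
    stack, deepest = [], 0              # open boundaries, outermost first
    headers, in_headers = [], True
    for line in raw.splitlines():
        if in_headers:
            if line.strip():            # still inside the header block
                headers.append(line)
                continue
            boundary = _declared_boundary(headers)
            if boundary:
                stack.append(boundary)
                deepest = max(deepest, len(stack))
                if deepest > limit:     # bounded work on hostile input
                    return deepest
            headers, in_headers = [], False
            continue
        text = line.rstrip()
        for i in range(len(stack) - 1, -1, -1):
            if text == "--" + stack[i]:         # next part of container i
                del stack[i + 1:]               # drop unterminated children
                headers, in_headers = [], True
                break
            if text == "--" + stack[i] + "--":  # container i is closed
                del stack[i:]
                break
    return deepest

# Constructed sample: three nested multipart/mixed containers.
SAMPLE = ("Content-Type: multipart/mixed; boundary=b1\n\n--b1\n"
          'Content-Type: multipart/mixed;\n\tboundary="b2"\n\n--b2\n'
          "Content-Type: multipart/mixed; boundary=b3\n\n--b3\n"
          "Content-Type: text/plain\n\nhello\n--b3--\n--b2--\n--b1--\n")
```

A return value greater than `limit` means the scan stopped early, so the true depth may be larger.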

Workaround

There is no known workaround at this time.

Resolution

All ClamAV users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.88.7"

Release Date
December 18, 2006

Latest Revision
December 18, 2006: 01

Severity
normal

Exploitable
remote
