ClamAV: Denial of Service — GLSA 200708-04

A vulnerability has been discovered in ClamAV, allowing for a Denial of Service.

Affected Packages

app-antivirus/clamav on all architectures
Affected versions < 0.91
Unaffected versions >= 0.91

Background

ClamAV is a GPL virus scanner.

Description

Metaeye Security Group reported a NULL pointer dereference in ClamAV when processing RAR archives.

Impact

A remote attacker could send a specially crafted RAR archive to the clamd daemon, resulting in a crash and a Denial of Service.

Workaround

There is no known workaround at this time.

Resolution

All ClamAV users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.91"

References

Release Date
August 09, 2007

Latest Revision
August 09, 2007: 01

Severity
normal

Exploitable
remote

Bugzilla entries