ClamAV: Denial of service — GLSA 202104-07

A vulnerability in ClamAV could lead to a Denial of Service condition.

Affected packages

app-antivirus/clamav on all architectures
Affected versions < 0.103.2
Unaffected versions >= 0.103.2

Background

ClamAV is a GPL virus scanner.

Description

A vulnerability has been discovered in ClamAV. Please review the CVE identifier referenced below for details.

Impact

A remote attacker could cause ClamAV to scan a specially crafted file, possibly resulting a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All ClamAV users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=app-antivirus/clamav-0.103.2"
 

References

Release date
April 30, 2021

Latest revision
April 30, 2021: 1

Severity
low

Exploitable
local, remote

Bugzilla entries