Free and open-source vulnerability scanner
Mageni eases for you the vulnerability scanning, assessment, and management process. It is free and open-source.
Install NowAvailable for macOS, Windows, and Linux
ClamAV 'cli_pdf()' and 'cli_scanicon()' Denial of Service Vulnerabilities (Win
Information
Severity
Severity
Medium
Family
Family
Denial of Service
CVSSv2 Base
CVSSv2 Base
4.3
CVSSv2 Vector
CVSSv2 Vector
AV:N/AC:M/Au:N/C:N/I:N/A:P
Solution Type
Solution Type
Vendor Patch
Created
Created
13 years ago
Modified
Modified
5 years ago
Summary
This host has ClamAV installed, and is prone to multiple Denial of Service vulnerabilities.
Insight
Insight
The flaws are due to: - Errors exists within the 'cli_pdf()' function in 'libclamav/pdf.c' when processing certain 'PDF' files. This can be exploited to cause a crash. - Error exists within the 'parseicon()' function in 'libclamav/pe_icons.c' when processing 'PE' icons. This can be exploited to trigger an out-of-bounds access when reading data and potentially cause a crash.
Affected Software
Affected Software
ClamAV version prior to 0.96.1 (1.0.26) on Windows.
Solution
Solution
Upgrade to ClamAV 0.96.1 or later.