CVSS Base Vector:
The remote host is missing an update for the 'clamav'
Linux Distribution Package(s) announced via the DSA-1953-1 advisory.
Checks if a vulnerable Linux Distribution Package version is present on the target host.
It was discovered that clamav, the open source antivirus engine, is affected by
the following security vulnerabilities:
Denial of Service (DoS) vulnerability, resulting from excessively long scan
times caused by non-recursive zip bombs. Among others, this issue was
mitigated by introducing a scan time limit.
Out-of-bounds write in ClamAV's NSIS bzip2 library when attempting
decompression in cases where the number of selectors exceeded the max limit
set by the library.
This update triggers a transition from libclamav7 to libclama9. As a result,
several other Linux Distribution Packages will be recompiled against the fixed Linux Distribution Package after the
release of this update: dansguardian, havp, python-pyclamav, c-icap-modules.
'clamav' Linux Distribution Package(s) on Debian Linux.
For Debian 8 'Jessie', these problems have been fixed in version
We recommend that you upgrade your clamav Linux Distribution Packages.
Linux Distribution Package
Debian Local Security Checks
Find and Fix this Vulnerability:
Mageni can help you to find out if you have this or more vulnerabilities exposing you to hackers, ransomware and malware: Download Mageni's Free Edition
NVD CVE ID: