CVSS Base Vector:
The remote host is missing an update for the 'clamav'
package(s) announced via the DSA-1953-1 advisory.
Checks if a vulnerable package version is present on the target host.
It was discovered that clamav, the open source antivirus engine, is affected by
the following security vulnerabilities:
Denial of Service (DoS) vulnerability, resulting from excessively long scan
times caused by non-recursive zip bombs. Among others, this issue was
mitigated by introducing a scan time limit.
Out-of-bounds write in ClamAV's NSIS bzip2 library when attempting
decompression in cases where the number of selectors exceeded the max limit
set by the library.
This update triggers a transition from libclamav7 to libclamav9. As a result,
several other packages will be recompiled against the fixed package after the
release of this update: dansguardian, havp, python-pyclamav, c-icap-modules.
'clamav' package(s) on Debian Linux.
For Debian 8 'Jessie', these problems have been fixed in version
We recommend that you upgrade your clamav packages.
NIST (National Institute of Standards and Technology) NVD (National Vulnerability Database)