SB2014051606 - Gentoo update for ClamAV 

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2014051606

SB2014051606 - Gentoo update for ClamAV

Published: May 16, 2014 Updated: September 25, 2016

Security Bulletin ID SB2014051606
Severity
High
Patch available
YES
Number of vulnerabilities 5
Exploitation vector Remote access
Highest impact Code execution

Breakdown by Severity

High 40% Medium 60%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 5 secuirty vulnerabilities.


1) Input validation error (CVE-ID: CVE-2013-2020)

The vulnerability allows remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.


2) Input validation error (CVE-ID: CVE-2013-2021)

The vulnerability allows remote attackers to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input. A remote attacker can cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.


3) Buffer overflow (CVE-ID: CVE-2013-7087)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

ClamAV before 0.97.7 has WWPack corrupt heap memory


4) Buffer overflow (CVE-ID: CVE-2013-7088)

The vulnerability allows a remote non-authenticated attacker to execute arbitrary code.

ClamAV before 0.97.7 has buffer overflow in the libclamav component


5) Information disclosure (CVE-ID: CVE-2013-7089)

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

ClamAV before 0.97.7: dbg_printhex possible information leak


Remediation

Install update from vendor's website.

References