#VU32441 Buffer overflow in ClamAV - CVE-2014-9328

Vulnerability identifier: #VU32441

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2014-9328

CWE-ID: CWE-119

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
ClamAV
Client/Desktop applications / Antivirus software/Personal firewalls

Vendor: ClamAV

Description

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."

Mitigation
Install update from vendor's website.

Vulnerable software versions

ClamAV: 0.98.0 - 0.98.5

---

External links
https://blog.clamav.net/2015/01/clamav-0986-has-been-released.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148950.html
https://lists.fedoraproject.org/pipermail/package-announce/2015-January/148958.html
https://lists.opensuse.org/opensuse-security-announce/2015-02/msg00014.html
https://lists.opensuse.org/opensuse-security-announce/2015-02/msg00020.html
https://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html
https://secunia.com/advisories/62536
https://secunia.com/advisories/62757
https://securitytracker.com/id/1031672
https://www.securityfocus.com/bid/72372
https://www.ubuntu.com/usn/USN-2488-2
https://security.gentoo.org/glsa/201512-08

---

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.