CVSS2: 5 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
AI Score: 6.4 Medium (Confidence: Low)
EPSS: 0.142 Low (Percentile: 95.7%)

[ this was initially sent on 2014-11-27, but did not reach the list
due to a mistake on my side ]

Package : clamav
Version : 0.98.1+dfsg-1+deb6u4
CVE ID : CVE-2014-9050 CVE-2013-6497
Debian Bug : #770985

Two bugs were discovered in clamav and are fixed by this release.

One issue is in clamscan, the command line anti-virus scanner included
in the package, which could lead to crashes when scanning certain files
(CVE-2013-6497).

The second issue is in libclamav which caused a heap buffer overflow
when scanning a specially crafted y0da Crypter obfuscated PE file
(CVE-2014-9050). Note that this is remotely exploitable when ClamAV is
used as a mail gateway scanner.

If you use clamav, we highly recommend that you upgrade to this version.

OS | OS Version | Architecture | Package | Affected Version | Filename |
---|---|---|---|---|---|
Debian | 7 | kfreebsd-i386 | clamav-daemon | < 0.98.5+dfsg-0+deb7u1 | clamav-daemon_0.98.5+dfsg-0+deb7u1_kfreebsd-i386.deb |
Debian | 6 | amd64 | clamav-freshclam | < 0.98.1+dfsg-1+deb6u4 | clamav-freshclam_0.98.1+dfsg-1+deb6u4_amd64.deb |
Debian | 7 | kfreebsd-i386 | clamav-freshclam | < 0.98.5+dfsg-0+deb7u1 | clamav-freshclam_0.98.5+dfsg-0+deb7u1_kfreebsd-i386.deb |
Debian | 7 | powerpc | libclamav-dev | < 0.98.5+dfsg-0+deb7u1 | libclamav-dev_0.98.5+dfsg-0+deb7u1_powerpc.deb |
Debian | 7 | armhf | clamav-freshclam | < 0.98.5+dfsg-0+deb7u1 | clamav-freshclam_0.98.5+dfsg-0+deb7u1_armhf.deb |
Debian | 7 | armel | clamav | < 0.98.5+dfsg-0+deb7u1 | clamav_0.98.5+dfsg-0+deb7u1_armel.deb |
Debian | 7 | sparc | clamav-daemon | < 0.98.5+dfsg-0+deb7u1 | clamav-daemon_0.98.5+dfsg-0+deb7u1_sparc.deb |
Debian | 7 | armel | libclamav6 | < 0.98.5+dfsg-0+deb7u1 | libclamav6_0.98.5+dfsg-0+deb7u1_armel.deb |
Debian | 6 | all | clamav | < 0.98.1+dfsg-1+deb6u4 | clamav_0.98.1+dfsg-1+deb6u4_all.deb |
Debian | 7 | mipsel | libclamav6 | < 0.98.5+dfsg-0+deb7u1 | libclamav6_0.98.5+dfsg-0+deb7u1_mipsel.deb |