clamav -- buffer overflow, stack consumption

2008-12-04T00:00:00
ID DSA-1680
Type debian
Reporter Debian
Modified 2008-12-04T00:00:00

Description

Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers from an off-by-one-error in its VBA project file processing, leading to a heap-based buffer overflow and potentially arbitrary code execution (CVE-2008-5050).

Ilja van Sprundel discovered that ClamAV contains a denial of service condition in its JPEG file processing because it does not limit the recursion depth when processing JPEG thumbnails (CVE-2008-5314).

For the stable distribution (etch), these problems have been fixed in version 0.90.1dfsg-4etch16.

For the unstable distribution (sid), these problems have been fixed in version 0.94.dfsg.2-1.

The testing distribution (lenny) will be fixed soon.

We recommend that you upgrade your clamav packages.