clamav - null pointer dereference

2007-07-2400:00:00

Google

osv.dev

0.144 Low

EPSS

Percentile

95.8%

JSON

A NULL pointer dereference has been discovered in the RAR VM of Clam
Antivirus (ClamAV) which allows user-assisted remote attackers to
cause a denial of service via a specially crafted RAR archives.

We are currently unable to provide fixed packages for the MIPS
architectures. Those packages will be installed in the security
archive when they become available.

The old stable distribution (sarge) is not affected by this problem.

For the stable distribution (etch) this problem has been fixed in
version 0.90.1-3etch4.

For the unstable distribution (sid) this problem has been fixed in
version 0.91-1.

We recommend that you upgrade your clamav packages.

CPENameOperatorVersion
clamaveq0.90.1-3etch2
clamaveq0.90.1-3etch3
clamaveq0.90.1-3etch1
clamaveq0.90.1-2

Name	Operator	Version
clamav	eq	0.90.1-3etch2
clamav	eq	0.90.1-3etch3
clamav	eq	0.90.1-3etch1
clamav	eq	0.90.1-2

References

www.debian.org/security/2007/dsa-1340

0.144 Low

EPSS

Percentile

95.8%

JSON

Related for OSV:DSA-1340-1