Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) or to potentially compromise a vulnerable system.
1) An integer overflow error exists within the "cli_scanpe()" function in libclamav/pe.c. No further information is currently available.
2) An error within the "unmew11()" function in libclamav/mew.c can be exploited to corrupt heap memory.
Successful exploitation may allow execution of arbitrary code.
The vulnerabilities are reported in versions prior to 0.92.1.
Update to version 0.92.1.
net-mail/antivirus, ok for fast-tracking stabilization of 0.92.1?
could someone please add "CVE-2008-0728" to the summary? (i dont have the needed permissions)
Maintainers please advise.
I'm OK for 0.92.1 stabilization.
Arches please test and mark stable app-antivirus/clamav-0.92.1, target "alpha amd64 hppa ia64 ppc ppc64 sparc x86 ~x86-fbsd"
Stable for HPPA.
hmm, don't know why I rated this B3 at first... glsa request filed.
Fixed in release snapshot.