Уязвимость библиотеки сканирования пакета антивирусных программ ClamAV и средства защиты от вредоносного программного обеспечения Cisco AMP для конечных устройств, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость библиотеки сканирования пакета антивирусных программ ClamAV и средства защиты от вредоносного программного обеспечения Cisco AMP для конечных устройств, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость библиотеки сканирования пакета антивирусных программ ClamAV и средства защиты от вредоносного программного обеспечения Cisco AMP для конечных устройств, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость библиотеки сканирования пакета антивирусных программ ClamAV и средства защиты от вредоносного программного обеспечения Cisco AMP для конечных устройств, позволяющая нарушителю вызвать отказ в обслуживании

Уязвимость пакета антивирусных программ ClamAV, связанная с переполнением буфера в куче, позволяющая нарушителю выполнить произвольный код

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability is due to improper bounds checking that may result in a multi-byte heap buffer overwflow write. An attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the ClamAV database directory. An exploit could allow the attacker to run code as the clamav user.

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog.