The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition.
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "0.99.3+addedllvm-0ubuntu0.14.04.1", "binary_name": "clamav" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.14.04.1", "binary_name": "clamav-base" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.14.04.1", "binary_name": "clamav-daemon" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.14.04.1", "binary_name": "clamav-daemon-dbgsym" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.14.04.1", "binary_name": "clamav-dbg" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.14.04.1", "binary_name": "clamav-dbgsym" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.14.04.1", "binary_name": "clamav-docs" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.14.04.1", "binary_name": "clamav-freshclam" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.14.04.1", "binary_name": "clamav-freshclam-dbgsym" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.14.04.1", "binary_name": "clamav-milter" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.14.04.1", "binary_name": "clamav-milter-dbgsym" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.14.04.1", "binary_name": "clamav-testfiles" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.14.04.1", "binary_name": "libclamav-dev" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.14.04.1", "binary_name": "libclamav-dev-dbgsym" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.14.04.1", "binary_name": "libclamav7" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.14.04.1", "binary_name": "libclamav7-dbgsym" } ] }
{ "availability": "No subscription required", "ubuntu_priority": "medium", "binaries": [ { "binary_version": "0.99.3+addedllvm-0ubuntu0.16.04.1", "binary_name": "clamav" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.16.04.1", "binary_name": "clamav-base" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.16.04.1", "binary_name": "clamav-daemon" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.16.04.1", "binary_name": "clamav-daemon-dbgsym" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.16.04.1", "binary_name": "clamav-dbg" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.16.04.1", "binary_name": "clamav-dbgsym" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.16.04.1", "binary_name": "clamav-docs" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.16.04.1", "binary_name": "clamav-freshclam" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.16.04.1", "binary_name": "clamav-freshclam-dbgsym" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.16.04.1", "binary_name": "clamav-milter" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.16.04.1", "binary_name": "clamav-milter-dbgsym" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.16.04.1", "binary_name": "clamav-testfiles" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.16.04.1", "binary_name": "clamdscan" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.16.04.1", "binary_name": "clamdscan-dbgsym" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.16.04.1", "binary_name": "libclamav-dev" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.16.04.1", "binary_name": "libclamav-dev-dbgsym" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.16.04.1", "binary_name": "libclamav7" }, { "binary_version": "0.99.3+addedllvm-0ubuntu0.16.04.1", "binary_name": "libclamav7-dbgsym" } ] }