Secunia

Some vulnerabilities have been reported in Clam AntiVirus (clamav), which can be exploited by malicious people to cause a DoS (Denial of Service) and to compromise a vulnerable system.

1) A boundary error in "libclamav/fsg.c" when unpacking FSG v1.33 compressed executable file can cause a heap-based buffer overflow and can be exploited to execute arbitrary code.

2) A validation error in "libclamav/tnef.c" when handling a CAB file with a malformed header can cause the same block in the file to be scanned repeatedly. This can be exploited to cause an infinite loop, potentially causing a DoS, via a specially crafted CAB file.

3) An error in "libclamav/mspack/cabd.c" when handling a CAB file with a malformed header can cause an infinite loop in the "cabd_find()" function. This can potentially be exploited to cause a DoS via a specially crafted CAB file.

4) A NULL pointer dereference exists when handling malformed base64 encoded MIME attachments. This can be exploited to cause a DoS via specially crafted MIME attachments.

The vulnerabilities have been reported in versions 0.87 and prior.

Solution
Update to version 0.87.1.
Further details available in Customer Area

Provided and/or discovered by
1) 3Com's Zero Day Initiative.
2-3) iDEFENSE.
4) Stephen Gran

Changelog
Further details available in Customer Area

Original Advisory
3Com's Zero Day Initiative:
http://www.zerodayinitiative.com/advisories/ZDI-05-002.html

iDEFENSE:
http://www.idefense.com/application/poi/display?id=333&type=vulnerabilities
http://www.idefense.com/application/poi/display?id=334&type=vulnerabilities

Debian:
http://www.us.debian.org/security/2006/dsa-1232

Deep Links
Links available in Customer Area