Secunia

Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service).

1) An error exists within the OLE2 parser when handling objects with malformed FAT partitions and large property sizes. This can be exploited to cause a DoS due to storage and CPU resource consumption by scanning a specially crafted OLE2 file.

2) An error in the processing of RAR files can be exploited to crash the process via a specially crafted RAR file.

3) A boundary error exists within the file /libclamav/unsp.c, which can be exploited to crash the process via a specially crafted NsPacked file.

4) An incorrect regular expression in libclamav/phishcheck.c can be exploited to cause a DoS by consuming all available CPU resources via a specially crafted file.

Successful exploitation may depend upon the regular expression implementation used.

Solution
Update to ClamAV version 0.90.3.
Further details available in Customer Area

Provided and/or discovered by
1) Victor Stinner, INL.
2) Elliot
3) & 4) Edwin Török

Changelog
Further details available in Customer Area

Original Advisory
1) http://news.gmane.org/gmane.comp.security.virus.clamav.devel/cutoff=2853
2) https://wwws.clamav.net/bugzilla/show_bug.cgi?id=521
3) https://wwws.clamav.net/bugzilla/show_bug.cgi?id=464
4) https://wwws.clamav.net/bugzilla/show_bug.cgi?id=497

Deep Links
Links available in Customer Area