Package: clamav
Version: 0.86.1-2
Severity: critical

clamav <= 0.86.1 has several heap overflows. "At least 4 of its file format
processors contain remote security bugs. Specifically, during the
processing of TNEF, CHM and FSG formats an attacker is able to trigger
several integer overflows that allow attackers to overwrite heap data to
obtain complete control of the system."

Original security advisory: http://www.rem0te.com/public/images/clamav.pdf
ClamAV 0.86.2 release notes:
http://sourceforge.net/project/shownotes.php?release_id=344514

Oliver Paulus


Reply via email to