ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable.
References
Link | Resource |
---|---|
https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/ | Exploit Technical Description Third Party Advisory |
http://blog.clamav.net/2016/05/clamav-0992-has-been-released.html | Vendor Advisory |
https://bugzilla.clamav.net/show_bug.cgi?id=11514 | Issue Tracking |
http://www.securityfocus.com/bid/93222 | Third Party Advisory VDB Entry |
http://www.ubuntu.com/usn/USN-3093-1 | Third Party Advisory |
Information
Published : 2016-10-03 11:59
Updated : 2016-10-04 08:20
NVD link : CVE-2016-1371
Mitre link : CVE-2016-1371
JSON object : View
CWE
CWE-284
Improper Access Control
Products Affected
canonical
- ubuntu_linux
clamav
- clamav