In association with heise online

25 May 2010, 13:17

ClamAV 0.96.1 fixes DoS vulnerabilities

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

ClamAV Logo Version 0.96.1 of ClamAV, the free and open source toolkit, fixes bugs which cause it to crash when faced with crafted PDF and PE files. Attackers had been able to exploit these vulnerabilities to disrupt network operation, allowing them to disable web proxies or mail gateways, for example. The developers have also dealt with a possible null pointer dereference when processing 7zip archives.

The bugs are located in libclamav/pdf.c, libclamav/pe_icons.c and libclamav/7z/Archive/7z/7zIn.c and are fixed in the Git repository and in the source code. A tarball of the source code is available to download. 32 and 64-bit (direct download) binaries are available to download for Windows users, though the 64 bit version is still in beta. ClamAV is licensed under the GPL and is also available for various Linux and Unix distributions.

See also:

(crve)

Print Version | Send by email | Permalink: http://h-online.com/-1006547
 


  • July's Community Calendar





The H Open

The H Security

The H Developer

The H Internet Toolkit