DSA-1680 clamav -- buffer overflow, stack consumptionID: oval:org.mitre.oval:def:8113 | Date: (C)2009-12-15 (M)2021-06-02 |
Class: PATCH | Family: unix |
Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers from an off-by-one-error in its VBA project file processing, leading to a heap-based buffer overflow and potentially arbitrary code execution (>CVE-2008-5050). Ilja van Sprundel discovered that ClamAV contains a denial of service condition in its JPEG file processing because it does not limit the recursion depth when processing JPEG thumbnails (CVE-2008-5314).