Four ClamAV Vulnerabilities Discovered, Fixes Released

By David Cawley

The US-CERT website posted an advisory in relation to multiple ClamAV vulnerabilities. In total, four vulnerabilities were discovered which could result in remote code execution or a denial of service attack. Fortunately, ClamAV have released version 0.93 with fixes for these issues.

The change log shows the following fixes:

Mon Apr 14 21:35:11 CEST 2008 (tk)
----------------------------------
  * Check in 0.93 patches:
    - libclamunrar: bb#541 (RAR - Version required to extract - Evasion)
    - libclamav/spin.c: bb#876 (PeSpin Heap Overflow Vulnerability)
    - libclamav/pe.c: bb#878 (Upack Buffer Overflow Vulnerability)
    - libclamav/message.c: bb#881 (message.c: read beyond allocated region)
    - libclamav/unarj.c: bb#897 (ARJ: Sample from CERT-FI hangs clamav)
    - libclamunrar: bb#898 (RAR crashes on some fuzzed files from CERT-FI)

The update to ClamAV is available for download here.