*** This bug is a security vulnerability *** Public security bug reported:
Binary package hint: clamav libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access." http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1389 libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3912 Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to the "error path." http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3913 Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c. http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3914 The version in hardy lts should be fixed/upgraded asap. ** Affects: clamav (Ubuntu) Importance: Undecided Status: New ** Visibility changed to: Public -- [hardy] Multiple unfixed CVEs https://bugs.launchpad.net/bugs/271546 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
