ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.
Las versiones anteriores a la versión 0.101.2 de ClamAV, son susceptibles a una vulnerabilidad de denegación de servicio (DoS). Una condición de lectura de la pila fuera de límites puede presentarse al escanear archivos PE. Un ejemplo son los archivos EXE y DLL de Windows que han sido empaquetados con Aspack como un resultado de la comprobación inadecuada de límites.
It was discovered that ClamAV incorrectly handled scanning certain PDF documents. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. It was discovered that ClamAV incorrectly handled scanning certain OLE2 files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.
