ClamAV Heap Corruption and Integer Overflow Vulnerabilities

ClamAV Heap Corruption and Integer Overflow Vulnerabilities

ClamAV is prone to a heap-corruption vulnerability and an integer-overflow vulnerability.

Successfully exploiting these issues allows remote attackers to execute arbitrary machine code in the context of the affected application. This facilitates the remote compromise of affected computers. Failed exploit attempts likely result in application crashes.

Versions prior to ClamAV 0.92.1 are affected by these issues.