Heap-Based Buffer Overflow in ClamAV Affects Users and Applications
CVE-2014-9050

Currently unrated

Key Information:

Vendor

Clamav

Status
Clamav
Vendor
CVE Published:
1 December 2014

What is CVE-2014-9050?

A heap-based buffer overflow vulnerability exists in the cli_scanpe function within ClamAV's library, libclamav/pe.c. This flaw allows attackers to exploit the product by sending specially crafted PE files, leading to potential service disruptions. Users should promptly update their ClamAV installations to version 0.98.5 or later to mitigate this risk. The vulnerability underscores the importance of maintaining up-to-date security measures, particularly for widely used antivirus software.

References

http://lists.opensuse.org/opensuse-security-announce/2014...
vendor-advisoryx_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2014...
vendor-advisoryx_refsource_SUSE
http://www.securityfocus.com/bid/71242
vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.