Heap-Based Buffer Overflow in ClamAV Affects Users and Applications
CVE-2014-9050

Currently unrated

Key Information:

Vendor: Clamav
Status: Clamav
Vendor: CVE Published:; 1 December 2014

What is CVE-2014-9050?

A heap-based buffer overflow vulnerability exists in the cli_scanpe function within ClamAV's library, libclamav/pe.c. This flaw allows attackers to exploit the product by sending specially crafted PE files, leading to potential service disruptions. Users should promptly update their ClamAV installations to version 0.98.5 or later to mitigate this risk. The vulnerability underscores the importance of maintaining up-to-date security measures, particularly for widely used antivirus software.

References

http://lists.opensuse.org/opensuse-security-announce/2014...

vendor-advisoryx_refsource_SUSE

http://lists.opensuse.org/opensuse-security-announce/2014...

vendor-advisoryx_refsource_SUSE

http://www.securityfocus.com/bid/71242

vdb-entryx_refsource_BID

EPSS Score

5% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Dec 1, 2014
Vulnerability Reserved
Nov 21, 2014

Clamav

What is CVE-2014-9050?

References

EPSS Score

Timeline