virus logo FortiClient Vulnerability

Security Vulnerabilities fixed in ClamAV 0.103.2

description-logoDescription

A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling, buffer size, and variable initialization that may result in an infinite loop, heap buffer over-read, or NULL pointer read. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition.

affected-products-logoAffected Applications

ClamAV

CVE References

CVE-2021-1252 CVE-2021-1404 CVE-2021-1405

Other References

https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
ID 4044
Created Jan 20, 2022
Description
Updated		 Nov 07, 2023
Risk black-background-circle-icon black-background-circle-icon black-background-circle-icon black-background-circle-icon lightgray-background-circle-icon
Coverage FortiClient
OS Windows
Vendor ClamAV
Patch manual
Application ClamAV