Clam AntiVirus ClamAV PDF Handling Remote Denial Of Service Vulnerability

Bugtraq ID:	23656
Class:	Failure to Handle Exceptional Conditions
CVE:	CVE-2007-2029
Remote:	Yes
Local:	No
Published:	Apr 25 2007 12:00AM
Updated:	May 31 2007 09:01PM
Credit:	This issue was disclosed in the referenced Debian advisory.
Vulnerable:	Pardus Linux 2007.1 Debian Linux 3.1 sparc Debian Linux 3.1 s/390 Debian Linux 3.1 ppc Debian Linux 3.1 mipsel Debian Linux 3.1 mips Debian Linux 3.1 m68k Debian Linux 3.1 ia-64 Debian Linux 3.1 ia-32 Debian Linux 3.1 hppa Debian Linux 3.1 arm Debian Linux 3.1 amd64 Debian Linux 3.1 alpha Debian Linux 3.1 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0 Clam Anti-Virus ClamAV 0.84 rc2
Not Vulnerable:

Clam AntiVirus ClamAV PDF Handling Remote Denial Of Service Vulnerability

ClamAV is prone to a denial-of-service vulnerability.

A successful attack may allow an attacker to cause denial-of-service conditions.

Clam AntiVirus ClamAV PDF Handling Remote Denial Of Service Vulnerability

Currently we are not aware of any exploits for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].

Clam AntiVirus ClamAV PDF Handling Remote Denial Of Service Vulnerability

Solution:
The vendor released version 0.90.2 to address this issue. Please see the references for more information.

Clam AntiVirus ClamAV PDF Handling Remote Denial Of Service Vulnerability

References:

• ClamAV Homepage (Clam Anti-Virus)
  
• Clam AntiVirus Changelog (ClamAV)