Clamav had been found vulnerable to multiple vulnerabilities:
- Improper checking for the end of an buffer causing an
unspecified attack vector.
- Insecure temporary file handling, which could be exploited
to read sensitive information.
- A flaw in the parser engine which could allow a remote
attacker to bypass the scanning of RAR files.
- A flaw in libclamav/unrar.c which could cause a remote
Denial of Service (DoS) by sending a specially crafted
RAR file with a modified vm_codesize.
- A flaw in the OLE2 parser which could cause a remote
Denial of Service (DoS).