ClamAV 0.100.1 has been released!

ClamAV 0.100.1 is a hotfix release to patch a set of vulnerabilities.
  • Fixes for the following CVE’s:
  • Fixes for a few additional bugs:
    • Buffer over-read in unRAR code due to missing max value checks in table initialization. Reported by Rui Reis.
    • Libmspack heap buffer over-read in CHM parser. Reported by Hanno Böck.
    • PDF parser bugs reported by Alex Gaynor.
      • Buffer length checks when reading integers from non-NULL terminated strings.
      • Buffer length tracking when reading strings from dictionary objects.
  • HTTPS support for clamsubmit.
  • Fix for DNS resolution for users on IPv4-only machines where IPv6 is not available or is link-local only. Patch provided by Guilherme Benkenstein.
Thank you to the following ClamAV community members for your code submissions and bug reports!
  • aCaB
  • Alex Gaynor
  • Guilherme Benkenstein
  • Hanno Böck
  • Rui Reis
  • Laurent Delosieres, Secunia Research at Flexera

Share this post

Share on facebook
Share on linkedin
Share on print
Share on email

Subscribe to our Monthly Cyber Security Digest

Get monthly content to keep you up to date on the latest news and tips