ClamAV Buffer Overflow Vulnerability in PDF Scanning Process Allowing Denial-of-Service and Potential Arbitrary Code Execution

Vulnerability

A buffer overflow vulnerability has been identified in ClamAV's PDF scanning process, which could allow an unauthenticated, remote attacker to cause a denial-of-service condition or execute arbitrary code on the affected device. This vulnerability arises from improper allocation of memory buffers when processing PDF files. An attacker could exploit this issue by submitting a crafted PDF for scanning. The vulnerability affects ClamAV versions 1.4.3, 1.0.9, and all currently supported versions prior to these releases.

Impact

Exploitation of this vulnerability can lead to a buffer overflow, causing the ClamAV scanning process to terminate and creating a denial-of-service condition. There is also a possibility, although unproven, that the buffer overflow could be leveraged to execute arbitrary code with the privileges of the ClamAV process.

Remediation

Users can upgrade to ClamAV versions 1.4.3 or 1.0.9 to address this vulnerability. The release files are available on the ClamAV downloads page, the GitHub Release page, and through Docker Hub.
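A check of an installed ClamAV against the fixed releases named above, added here as an example and not part of the advisory or of ClamAV's own tooling. It assumes `clamscan --version` prints the version first, as in `ClamAV 1.4.2/27534/Mon Sep  1 08:00:00 2025`, and treats release lines newer than 1.4 as outside the advisory's scope rather than guessing.

```python
"""Classify a ClamAV version against the fixed releases 1.4.3 and 1.0.9.

Added example (not ClamAV project code). Assumes `clamscan --version`
output starts with "ClamAV <major>.<minor>.<patch>/..." (version first,
then signature DB version and date separated by '/').
"""
import re
import subprocess

# Fixed releases from the advisory, keyed by the release line they patch.
FIXED = {(1, 4): (1, 4, 3), (1, 0): (1, 0, 9)}


def parse_version(text: str) -> tuple[int, int, int]:
    """Extract (major, minor, patch) from version output or a bare version."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no version found in {text!r}")
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def fix_status(version: tuple[int, int, int]) -> str:
    """Return 'fixed', 'vulnerable' or 'unknown' for a parsed version.

    - On the 1.4 or 1.0 line: fixed from 1.4.3 / 1.0.9 onward.
    - Any other line older than 1.4 (0.103.x, 1.1.x-1.3.x): affected per the
      advisory's "all versions prior to these releases".
    - Lines newer than 1.4: not covered by this advisory, reported as unknown.
    """
    line = version[:2]
    if line in FIXED:
        return "fixed" if version >= FIXED[line] else "vulnerable"
    return "vulnerable" if line < (1, 4) else "unknown"


def check_installed() -> tuple[str, str]:
    """Run clamscan --version and return (version string, fix status)."""
    out = subprocess.run(["clamscan", "--version"], capture_output=True,
                         text=True, check=True).stdout
    v = parse_version(out)
    return ".".join(map(str, v)), fix_status(v)


if __name__ == "__main__":
    ver, status = check_installed()
    print(f"ClamAV {ver}: {status}")
```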

Added: Sep 1, 2025, 7:22 PM
Updated: Sep 1, 2025, 7:22 PM

Vulnerability Rating

Custom Algorithm

spread: 6.8
impact: 10.0
exploitability: 7.8
remediation: 8.3
relevance: 0.2
threat: 0.0
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.