Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
ClamAV Double-free Vulnerability in the OLE2 File Parser
Vulnerability Description
A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H
Vulnerability Type
双重释放
Vulnerability Title
ClamAV 资源管理错误漏洞
Vulnerability Description
ClamAV(Clam AntiVirus)是ClamAV团队的一套免费且开源的杀毒软件。该软件用于检测木马、病毒、恶意软件和其他恶意威胁。 ClamAV 0.104.0版本到0.104.2版本存在资源管理错误漏洞,该漏洞源于OLE2 文件解析器中的边界错误。远程攻击者可以将特制文件传递给应用程序,触发双重自由错误利用该漏洞在目标系统上执行任意代码。
CVSS Information
N/A
Vulnerability Type
N/A