Vumetric is now part of the TELUS family! Learn more →

Critical RCE Vulnerability Discovered in ClamAV Open-Source Antivirus Software

Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices.

“This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write,” Cisco Talos said in an advisory.

“An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device.”

“This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection,” Cisco noted.

“An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device.”

Cisco separately also resolved a denial-of-service vulnerability impacting Cisco Nexus Dashboard and two other privilege escalation and command injection flaws in Email Security Appliance and Secure Email and Web Manager.

Share this article on social media:

Subscribe to Our Newsletter!
Stay on top of cybersecurity risks, evolving threats and industry news.
This field is for validation purposes and should be left unchanged.

Recent News

View more cybersecurity news →

Featured Services

The Latest Cybersecurity News

From major cyberattacks, newly discovered critical vulnerabilities to recommended best practices, read it here first:

BOOK A MEETING

Enter your Email Address

This field is for validation purposes and should be left unchanged.

* No free email provider (e.g: gmail.com, hotmail.com, etc.)

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.