Security ID: QSA-25-04
Vulnerability in ClamAV Discovered by OSS-Fuzz
Release date: January 28, 2025
CVE identifier: CVE-2025-20128
Affected products: None
Severity: None
Status: Not affected
Summary
A security vulnerability has been identified in ClamAV, stemming from a potential buffer overflow read issue in the OLE2 file parser, which could result in a denial-of-service (DoS) condition.
After thorough investigation, we have determined that ClamAV for QTS and QuTS hero is not affected by this vulnerability.
Recommendation
We recommend regularly updating your system to the latest version to benefit from vulnerability fixes. You can check the product support status to see the latest updates available to your NAS model.
Reference
- Cisco: ClamAV OLE2 File Format Decryption Denial of Service Vulnerability
- ClamAV Blog: ClamAV 1.4.2 and 1.0.8 security patch versions published
Revision history: V1.0 (January 28, 2025) - Published