A security advisory has been issued regarding a vulnerability discovered in ClamAV products. This vulnerability exposes a potential remote attacker to execute arbitrary code on affected systems. The issue affects multiple versions of ClamAV software.
Affected Systems:
- ClamAV versions 1.1.x prior to 1.1.2
- ClamAV versions 1.0.x prior to 1.0.3
- ClamAV versions 0.103.x prior to 0.103.10
The vulnerability allows an attacker to exploit the flaw, leading to unauthorized remote code execution.
Solution: Users are strongly advised to refer to the security bulletin provided by the vendor for obtaining the necessary patches to address this vulnerability.
Documentation: For further information and to obtain patches, please consult the following resources:
- ClamAV Security Bulletin “clamav-120-feature-version-and-111-102” dated August 28, 2023: ClamAV Security Bulletin
- Reference CVE: CVE-2023-40477: CVE-2023-40477
Users are strongly recommended to apply the necessary patches to mitigate the risks associated with this vulnerability and maintain the security of their systems running ClamAV software.