{"id":"MGASA-2016-0402","summary":"Updated clamav packages fix security vulnerability","details":"ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause\na denial of service (application crash) via a crafted mew packer\nexecutable (CVE-2016-1371).\n\nClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause\na denial of service (application crash) via a crafted 7z file\n(CVE-2016-1372).\n\nlibclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware\nProtection (AMP) on Cisco Email Security Appliance (ESA) devices before\n9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and\n9.1.x before 9.1.1-041, allows remote attackers to cause a denial of\nservice (AMP process restart) via a crafted document (CVE-2016-1405).\n\nThe clavav package has been updated to version 0.99.2, fixing these issues\nand other bugs. See the upstream release announcements for details.\n","modified":"2026-04-16T01:47:43.571580618Z","published":"2016-11-27T12:34:14Z","upstream":["CVE-2016-1371","CVE-2016-1372","CVE-2016-1405"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2016-0402.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=19495"},{"type":"WEB","url":"https://www.ubuntu.com/usn/usn-3093-1/"}],"affected":[{"package":{"name":"clamav","ecosystem":"Mageia:5","purl":"pkg:rpm/mageia/clamav?arch=source&distro=mageia-5"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.99.2-1.mga5"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2016-0402.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}