Launchpad.net

CVE 2007-3122

The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.

Related bugs and status

CVE-2007-3122 (Candidate) is related to these bugs:

Bug #190187: Dapper clamav has multiple security issues that require upgrade to new version to fix

Summary				In	Importance	Status
	190187	Dapper clamav has multiple security issues that require upgrade to new version to fix		clamav (Ubuntu)	Undecided	Fix Released
	190187	Dapper clamav has multiple security issues that require upgrade to new version to fix		clamav (Ubuntu Dapper)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [Clamav-announce] 2007...
CONFIRM: http://svn.clamav.net/...
CONFIRM: https://wwws.clamav.ne...
CONFIRM: http://kolab.org/secur...
SUSE: SUSE-SA:2007:033
SECUNIA: 25523
SECUNIA: 25525
GENTOO: GLSA-200706-05
SECUNIA: 25688
DEBIAN: DSA-1320
SECUNIA: 25796
OSVDB: 45392
XF: clamav-rar-security-by...