[Original text] Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a "MAIL FROM" command.
Clam AntiVirus E-mail Address Logging Remote Format String
Remote / Network Access,
Local / Remote,
Loss of Integrity
Clam AntiVirus contains a flaw that may allow a remote denial of service. The issue is triggered when a format string error occurs, and will result in loss of availability and potential compromise of the vulnerable system.
Upgrade to Clam AntiVirus 0.65 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.
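The bug class described above, shown as an added example rather than code from ClamAV or this entry: a logging helper that passes the envelope sender as data to a constant format string, plus a heuristic check that flags conversion directives in the address for review. The function names `log_sender` and `count_format_directives` and the sample addresses are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern, for contrast only (not compiled):
 *     snprintf(out, n, addr);      -- untrusted address used as the format
 * Any directive in the address is then interpreted by the formatter. */

/* Hardened form: the format string is a constant and the sender address is
 * passed as an argument, so "%" sequences in it are copied verbatim.
 * Returns the number of bytes written, or -1 on error or truncation. */
static int log_sender(char *out, size_t n, const char *addr)
{
    int r = snprintf(out, n, "MAIL FROM: <%s>", addr);
    return (r < 0 || (size_t)r >= n) ? -1 : r;
}

/* Detection heuristic: count '%' characters that are not part of a literal
 * "%%" pair. Addresses may legitimately contain '%', so a hit is a signal
 * to review, not proof of an attack; the constant format above is the fix. */
static int count_format_directives(const char *s)
{
    int hits = 0;
    for (; *s != '\0'; s++) {
        if (*s != '%')
            continue;
        if (s[1] == '%') {   /* escaped percent sign: skip both characters */
            s++;
            continue;
        }
        hits++;
    }
    return hits;
}

int main(void)
{
    /* Constructed sample inputs. */
    const char *samples[] = { "user@example.test", "a%x%n@example.test" };
    char line[128];

    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        if (log_sender(line, sizeof line, samples[i]) < 0)
            continue;        /* too long for the log buffer: drop it */
        printf("%s  [directives: %d]\n", line,
               count_format_directives(samples[i]));
    }
    return 0;
}
```
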