MGASA-2020-0226

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2020-0226.html

Import Source

https://advisories.mageia.org/MGASA-2020-0226.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2020-0226

Related

Published

2020-05-24T18:04:47Z

Modified

2020-05-24T17:27:23Z

Summary

Updated clamav packages fix security vulnerabilities

Details

Updated clamav packages fix security vulnerabilities:

Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.2 that could cause a denial-of-service condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ parsing vulnerability (CVE-2020-3327).

Fixed a vulnerability in the PDF-parsing module in ClamAV 0.101 - 0.102.2 that could cause a denial-of-service condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read, which may cause a crash. OSS-Fuzz discovered this vulnerability (CVE-2020-3341)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / clamav

Package

Name: clamav
Purl: pkg:rpm/mageia/clamav?distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

0.102.3-1.mga7

Ecosystem specific

{
    "section": "core"
}