MGASA-2020-0226

Source
https://advisories.mageia.org/MGASA-2020-0226.html
Import Source
https://advisories.mageia.org/MGASA-2020-0226.json
JSON Data
https://api.osv.dev/v1/vulns/MGASA-2020-0226
Published
2020-05-24T18:04:47Z
Modified
2020-05-24T17:27:23Z
Summary
Updated clamav packages fix security vulnerabilities
Details

Updated clamav packages fix security vulnerabilities:

Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.2 that could cause a denial-of-service condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ parsing vulnerability (CVE-2020-3327).

Fixed a vulnerability in the PDF-parsing module in ClamAV 0.101 - 0.102.2 that could cause a denial-of-service condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read, which may cause a crash. OSS-Fuzz discovered this vulnerability (CVE-2020-3341).


Affected packages

Mageia:7 / clamav

Package

Name
clamav
Purl
pkg:rpm/mageia/clamav?distro=mageia-7

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
0.102.3-1.mga7

Ecosystem specific

{
    "section": "core"
}