OSV-2024-73

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/clamav/OSV-2024-73.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2024-73
Published
2024-02-04T00:02:39.648902Z
Modified
2024-04-29T11:36:07.742568Z
Summary
Heap-buffer-overflow in pdf_finalize_string
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=66093

Crash type: Heap-buffer-overflow READ 1
Crash state:
pdf_finalize_string
cli_pdf
cli_scanpdf
References

Affected packages

OSS-Fuzz / clamav

Package

Name
clamav
Purl
pkg:generic/clamav

Affected ranges

Type
GIT
Repo
https://github.com/Cisco-Talos/clamav.git
Events
Introduced
d114e3fc66fe5ed025ae5d2d3d6ffbcf0a42d7ec
Fixed
82491dabaa9e2d6004519371b67dd36aa4dec3c9

Affected versions

clamav-1.*

clamav-1.3.0-rc2

Ecosystem specific 

{
    "severity": "MEDIUM"
}

Database specific 

{
    "fixed_range": "17c9f5b64f4a9a3fd624b1c9668d034d898a2534:82491dabaa9e2d6004519371b67dd36aa4dec3c9"
}