VuXML ID | Description |
2a6106c6-73e5-11ec-8fa2-0800270512f4 | clamav -- invalid pointer read that may cause a crash
Laurent Delosieres reports:
Fix for invalid pointer read that may cause a crash. This issue affects
0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the
CL_SCAN_GENERAL_COLLECT_METADATA scan option
(the clamscan --gen-json option) is enabled.
Discovery 2022-01-12 Entry 2022-01-12 clamav
< 0.104.2,1
clamav-lts
< 0.103.5,1
CVE-2022-20698
https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html
|
91ce95d5-cd15-4105-b942-af5ccc7144c1 | clamav -- multiple vulnerabilities
Micah Snyder reports:
CVE-2020-3327: Fixed a vulnerability in the ARJ archive-parsing module
in ClamAV 0.102.2 that could cause a denial-of-service condition.
Improper bounds checking of an unsigned variable results in an
out-of-bounds read which causes a crash. Special thanks to Daehui Chang
and Fady Othman for helping identify the ARJ parsing vulnerability.
CVE-2020-3341: Fixed a vulnerability in the PDF-parsing module in ClamAV
0.101 - 0.102.2 that could cause a denial-of-service condition. Improper
size checking of a buffer used to initialize AES decryption routines
results in an out-of-bounds read, which may cause a crash. OSS-Fuzz
discovered this vulnerability.
Discovery 2020-05-12 Entry 2020-05-14 clamav
< 0.102.3,1
https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
CVE-2020-3327
CVE-2020-3341
|
9ae2c00f-97d0-11eb-8cd6-080027f515ea | clamav -- Multiple vulnerabilites
Micah Snyder reports:
- CVE-2021-1252
- Excel XLM parser infinite loop
- CVE-2021-1404
- PDF parser buffer over-read; possible crash.
- CVE-2021-1405
- Mail parser NULL-dereference crash.
Discovery 2021-04-07 Entry 2021-04-07 clamav
< 0.103.2,1
CVE-2021-1252
CVE-2021-1404
CVE-2021-1405
https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html
|
f7a02651-c798-11ea-81d6-6805cabe6ebb | clamav -- multiple vulnerabilities
Micah Snyder reports:
- CVE-2020-3350
-
Fixed a vulnerability a malicious user could exploit to replace
a scan target's directory with a symlink to another path to trick
clamscan, clamdscan, or clamonacc into removing or moving a different
file (such as a critical system file). The issue would affect users
that use the --move or --remove options for clamscan, clamdscan and
clamonacc.
- CVE-2020-3327
-
Fixed a vulnerability in the ARJ archive-parsing module in ClamAV
0.102.3 that could cause a denial-of-service (DoS) condition.
Improper bounds checking resulted in an out-of-bounds read that could
cause a crash. The previous fix for this CVE in version 0.102.3 was
incomplete. This fix correctly resolves the issue.
- CVE-2020-3481
-
Fixed a vulnerability in the EGG archive module in ClamAV 0.102.0
- 0.102.3 that could cause a denial-of-service (DoS) condition.
Improper error handling could cause a crash due to a NULL pointer
dereference. This vulnerability is mitigated for those using the
official ClamAV signature databases because the file type signatures
in daily.cvd will not enable the EGG archive parser in affected
versions.
Discovery 2020-07-16 Entry 2020-07-16 clamav
< 0.102.4,1
https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
CVE-2020-3350
CVE-2020-3327
CVE-2020-3481
|