> <https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html>
>
> ClamAV 0.102.3 security patch released
>
> Today, we're publishing 0.102.3. Navigate to ClamAV's downloads page
> <http://www.clamav.net/downloads> to download the release materials.
>
> ClamAV 0.102.3
>
> ClamAV 0.102.3 is a bug patch release to address the following issues.
>
> - CVE-2020-3327
>   <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327>: Fix a
>   vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that could
>   cause a Denial-of-Service (DoS) condition. Improper bounds checking of an
>   unsigned variable results in an out-of-bounds read which causes a crash.
>
>   Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ
>   parsing vulnerability.
>
> - CVE-2020-3341
>   <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3341>: Fix a
>   vulnerability in the PDF parsing module in ClamAV 0.101 - 0.102.2 that could
>   cause a Denial-of-Service (DoS) condition. Improper size checking of a buffer
>   used to initialize AES decryption routines results in an out-of-bounds read
>   which may cause a crash. Bug found by OSS-Fuzz.
>
> - Fix "Attempt to allocate 0 bytes" error when parsing some PDF documents.
>
> - Fix a couple of minor memory leaks.
>
> - Updated libclamunrar to UnRAR 5.9.2.
>
> Please join us on the ClamAV mailing lists
> <https://www.clamav.net/contact#ml>, on irc.freenode.net in #clamav, or on
> Discord <https://discord.gg/sGaxA5Q> for further discussion. Thanks!
_______________________________________________
clamav-devel mailing list
clamav-devel@lists.clamav.net
https://lists.clamav.net/mailman/listinfo/clamav-devel

Please submit your patches to our Github: https://github.com/Cisco-Talos/clamav-devel/pulls

Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq

http://www.clamav.net/contact.html#ml