Hi All, this somehow went undetected, so i mail it here to speed things up:
CLAMAV < 102.3 with DOS vulnerability on ARJ and PDF files. https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html * CVE-2020-3341 <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3341>: Fixed a vulnerability in the PDF-parsing module in ClamAV 0.101 - 0.102.2 that could cause a denial-of-service condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read, which may cause a crash. OSS-Fuzz discovered this vulnerability. * Fixed "Attempt to allocate 0 bytes" error when parsing some PDF documents. * Fixed a couple of minor memory leaks. We need a build for 30-32 asap. Sending a message with malicouse file is all it takes to take out the daemon. related: BR#1834910 best regards, Marius Schwarz
_______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
