-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Package : clamav Version : 0.101.5+dfsg-0+deb8u2 CVE ID : CVE-2020-3327 CVE-2020-3341
The following CVE(s) were found in src:clamav package. CVE-2020-3327 A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. CVE-2020-3341 A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. For Debian 8 "Jessie", these problems have been fixed in version 0.101.5+dfsg-0+deb8u2. We recommend that you upgrade your clamav packages. Further information about Debian LTS security advisories, how to apply these updates to your system and frequently asked questions can be found at: https://wiki.debian.org/LTS Best, Utkarsh -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbJ0QSEqa5Mw4X3xxgj6WdgbDS5YFAl7Ea4cACgkQgj6WdgbD S5ZB2g//fhWRGPN9pZFmfkaIBHnEjldbwCFFM1bnUN6SpKd4znDymE53CmSPjnrz JZKEn6Oc2xLrgMcP6wVcbKzbjgXX1+DNUpi5Pw7TKxnjULHPTuqkbM8BihGOIXnp 002NyLy6lSEZs1B/SWMNCx8Kyas/R5hmo11VwlldCKuKEd4M9qtbXypm1ukmmS0W uoHPLVIlEaDn6ZCavJVCEpEV9j42h5gRkAK+6eCaBai1ta21R+oiWDr87KCx70ia w3p01yWaqPJjPaWCGkfJmGraN5d5814wxniSvCExlFxs8mylZ7WFupqb088Mi8xc heLRQe2KkGxtbsVRBWKrACBOHn+9e3K8edRJwp3DK1rSDG3kafnnxRAaTjRmIfLk d2nGh1/WOU8XIXUpVvremT0PbfP33J1FC8f3qAa7WYZyZnHalYl7IV/VKe/lByst 9bcKz/X45NhWb5gvruhSnm+Pz0T5Og4bbK2DTuEYadDoMeAzZGgZudFCSkU59TqF 6ynh/vN/va40TLz3jPdom6QduE3ToBdMEK1ltcxaBcSSQndQqMcpgGRWK6D/GXmU TOUyIdAXk5KrFKKO/Eca9q5lJnGlx3jffplexOukXX2CJqC1jolJRJNdCmX00U3m /BuJKW/Ev8BTLgsa/Qnkjx34/e975I8RM4YVNzupcRthBT5KOSc= =rRd3 -----END PGP SIGNATURE-----