{"id":"MGASA-2020-0226","summary":"Updated clamav packages fix security vulnerabilities","details":"Updated clamav packages fix security vulnerabilities:\n\nFixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.2\nthat could cause a denial-of-service condition. Improper bounds checking\nof an unsigned variable results in an out-of-bounds read which causes a\ncrash. Special thanks to Daehui Chang and Fady Othman for helping identify\nthe ARJ parsing vulnerability (CVE-2020-3327).\n\nFixed a vulnerability in the PDF-parsing module in ClamAV 0.101 - 0.102.2\nthat could cause a denial-of-service condition. Improper size checking of\na buffer used to initialize AES decryption routines results in an\nout-of-bounds read, which may cause a crash. OSS-Fuzz discovered this\nvulnerability (CVE-2020-3341)\n","modified":"2026-02-04T03:55:33.938328Z","published":"2020-05-24T18:04:47Z","related":["CVE-2020-3327","CVE-2020-3341"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2020-0226.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=26653"},{"type":"REPORT","url":"https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html"},{"type":"REPORT","url":"https://www.debian.org/lts/security/2020/dla-2215"}],"affected":[{"package":{"name":"clamav","ecosystem":"Mageia:7","purl":"pkg:rpm/mageia/clamav?arch=source&distro=mageia-7"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.102.3-1.mga7"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2020-0226.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}