Source: clamav
Version: 1.3.1+dfsg-5
Severity: grave
Tags: security upstream
X-Debbugs-Cc: car...@debian.org, Debian Security Team <t...@security.debian.org>
Control: found -1 1.0.5+dfsg-1~deb12u1
Control: found -1 0.103.10+dfsg-0+deb11u1
Hi,

The following vulnerabilities were published for clamav.

CVE-2024-20505[0]:
| A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV)
| versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6
| and prior versions, all 0.105.x versions, all 0.104.x versions, and
| 0.103.11 and all prior versions could allow an unauthenticated,
| remote attacker to cause a denial of service (DoS) condition on an
| affected device. The vulnerability is due to an out of bounds
| read. An attacker could exploit this vulnerability by submitting a
| crafted PDF file to be scanned by ClamAV on an affected device. An
| exploit could allow the attacker to terminate the scanning process.

CVE-2024-20506[1]:
| A vulnerability in the ClamD service module of Clam AntiVirus
| (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x
| versions, 1.0.6 and prior versions, all 0.105.x versions, all
| 0.104.x versions, and 0.103.11 and all prior versions could allow an
| authenticated, local attacker to corrupt critical system files.
| The vulnerability is due to allowing the ClamD process to write to
| its log file while privileged without checking if the logfile has
| been replaced with a symbolic link. An attacker could exploit this
| vulnerability if they replace the ClamD log file with a symlink to a
| critical system file and then find a way to restart the ClamD
| process. An exploit could allow the attacker to corrupt a critical
| system file by appending ClamD log messages after restart.

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) IDs in your changelog entry.
For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2024-20505
    https://www.cve.org/CVERecord?id=CVE-2024-20505
[1] https://security-tracker.debian.org/tracker/CVE-2024-20506
    https://www.cve.org/CVERecord?id=CVE-2024-20506
[2] https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html

Regards,
Salvatore
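The bug class behind CVE-2024-20506 (a privileged daemon appending to a log path that an attacker can replace with a symlink) is shown below as an added example; this is illustration code written for this page, not ClamAV's code and not the upstream fix. The naive open follows the planted link, the hardened open uses O_NOFOLLOW and then checks the open descriptor with fstat rather than re-checking the path. The temporary directory, the "victim" file standing in for a critical system file, and the log file names are constructed for the demonstration.

```c
/* Added example: refusing a symlink planted at a daemon's log path.
 * Not ClamAV code; file names and the temp directory are constructed here. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE
#endif
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Unsafe pattern: open() follows symlinks, so a link planted at the log
 * path redirects every later write into the link target. */
int open_log_naive(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_APPEND, 0640);
}

/* Hardened pattern: O_NOFOLLOW makes open() fail with ELOOP when the final
 * path component is a symlink.  The fstat runs on the descriptor we already
 * hold (a stat on the path would reopen the check-then-use race) and
 * confirms a regular file with a single hard link. */
int open_log_nofollow(const char *path)
{
    int fd = open(path, O_WRONLY | O_CREAT | O_APPEND | O_NOFOLLOW | O_CLOEXEC, 0640);
    if (fd < 0)
        return -1;                      /* errno is ELOOP for a symlink */
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode) || st.st_nlink != 1) {
        close(fd);
        errno = EPERM;
        return -1;
    }
    return fd;
}

/* Self-contained demonstration in a fresh temp directory:
 *   victim    - stands in for a critical system file
 *   clamd.log - a legitimate regular log file (created on first open)
 *   evil.log  - an attacker-planted symlink pointing at victim
 * Returns 0 when the naive open writes through the link and the hardened
 * open refuses it with ELOOP while still accepting the real log file. */
int demo_symlink_defense(void)
{
    char dir[] = "/tmp/logdemoXXXXXX";
    char victim[256], good[256], evil[256];
    struct stat st;
    int fd, rc = 1;

    if (!mkdtemp(dir))
        return rc;
    snprintf(victim, sizeof victim, "%s/victim", dir);
    snprintf(good, sizeof good, "%s/clamd.log", dir);
    snprintf(evil, sizeof evil, "%s/evil.log", dir);

    rc = 2;
    fd = open(victim, O_WRONLY | O_CREAT, 0600);
    if (fd < 0) goto out;
    close(fd);
    if (symlink(victim, evil) != 0) goto out;

    /* Naive open: "log message" lands in the victim file. */
    rc = 3;
    fd = open_log_naive(evil);
    if (fd < 0) goto out;
    if (write(fd, "pwned\n", 6) != 6) { close(fd); goto out; }
    close(fd);
    if (stat(victim, &st) != 0 || st.st_size != 6) goto out;

    /* Hardened open: symlink refused, regular log file accepted. */
    rc = 4;
    fd = open_log_nofollow(evil);
    if (fd >= 0) { close(fd); goto out; }
    if (errno != ELOOP) goto out;
    rc = 5;
    fd = open_log_nofollow(good);
    if (fd < 0) goto out;
    close(fd);
    rc = 0;
out:
    unlink(evil); unlink(good); unlink(victim); rmdir(dir);
    return rc;
}

int main(void)
{
    int rc = demo_symlink_defense();
    if (rc == 0)
        printf("symlink refused, regular log accepted\n");
    else
        printf("demo failed at step %d\n", rc);
    return rc;
}
```

O_NOFOLLOW only covers the last path component; an attacker who can replace a parent directory with a symlink still wins, so the log directory itself must not be writable by the unprivileged user. The more robust mitigation is to open the log before gaining privilege or after dropping it, so that a redirected write cannot reach files the attacker could not already modify.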