Debian LTS: DLA-3983-1: clamav Security Advisory Updates
debian lts
December 6, 2024
Two vulnerabilities were found in ClamAV, an antivirus toolkit for Unix
Topics Covered
Summary
CVE-2024-20505
Affected versions could allow an unauthenticated, remote attacker to cause
a denial of service (DoS) condition on an affected device. The
vulnerability is due to an out of bounds read. An attacker could exploit
this vulnerability by submitting a crafted PDF file to be scanned by ClamAV
on an affected device. An exploit could allow the attacker to terminate the
scanning process.
CVE-2024-20506
Affected versions could allow an authenticated, local attacker to corrupt
critical system files. The vulnerability is due to allowing the ClamD
process to write to its log file while privileged without checking if the
logfile has been replaced with a symbolic link. An attacker could exploit
this vulnerability if they replace the ClamD log file with a symlink to a
critical system file and then find a way to restart the ClamD process. An
exploit could allow the attacker to corrupt a critical system file by
PREVIOUS
NEXT
Severity
important
Lowest
Low
Medium
High
Critical
Package: clamav
Version: 1.0.7+dfsg-1~deb11u1
CVE ID: CVE-2024-20505 CVE-2024-20506
Debian Bug: #1080962
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!