
Mageia: MGASA-2022-0187 Moderate: ClamAV Infinite Loop and Memory Leak

Mageia, May 15, 2022
MGASA-2022-0187 addresses five vulnerabilities in ClamAV: infinite loops in the CHM and TIFF file parsers, a memory leak in the HTML parser / JavaScript normalizer, a multi-byte heap buffer overflow write in the signature database loader, and a NULL-pointer dereference. All are fixed by updating to clamav-0.103.6.

Summary

Infinite loop vulnerability in the CHM file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. (CVE-2022-20770)
Infinite loop vulnerability in the TIFF file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. The issue only occurs if the "--alert-broken-media" ClamScan option is enabled. For ClamD, the affected option is "AlertBrokenMedia yes", and for libclamav it is the "CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option. (CVE-2022-20771)
Memory leak in the HTML file parser / Javascript normalizer. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. (CVE-2022-20785)
Multi-byte heap buffer overflow write vulnerability in the signature database load module. The fix was to update the vendored regex library to the latest version. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. (CVE-2022-20792)
NULL-pointer dereference...
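A practitioner triaging this advisory wants two answers: is the installed ClamAV inside the affected range, and is the TIFF loop (CVE-2022-20771) actually reachable, which requires AlertBrokenMedia to be enabled in clamd.conf. The script below is an added example, not part of the Mageia advisory or of the ClamAV project. It assumes the caller passes the bare numeric version (the number clamscan --version prints after "ClamAV ", or the package version such as 0.103.6-1.mga8) and the path to a clamd.conf; the function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example (not advisory or ClamAV project code): check whether a ClamAV
# version falls in the range MGASA-2022-0187 lists as affected, and whether a
# clamd.conf enables the option that makes the TIFF parser loop reachable.

# clamav_affected VERSION
#   Exit 0 if VERSION is affected: 0.104.0 through 0.104.2, or 0.103.5 and
#   any earlier release. 0.103.6, 0.104.3, 0.105.0 and later are fixed.
#   A trailing package suffix such as "-1.mga8" is ignored.
clamav_affected() {
    v="$1"
    maj=${v%%.*}                 # "0"
    rest=${v#*.}                 # "103.6-1.mga8"
    min=${rest%%.*}              # "103"
    rest2=${rest#*.}             # "6-1.mga8"
    [ "$rest2" = "$rest" ] && rest2=0   # no patch component given
    pat=${rest2%%[!0-9]*}        # keep leading digits only: "6"
    pat=${pat:-0}

    [ "$maj" -eq 0 ] || return 1         # 1.x was released after the fix
    [ "$min" -lt 103 ] && return 0       # everything before 0.103 is "prior"
    [ "$min" -eq 103 ] && [ "$pat" -le 5 ] && return 0
    [ "$min" -eq 104 ] && [ "$pat" -le 2 ] && return 0
    return 1
}

# alert_broken_media_enabled CLAMD_CONF
#   Exit 0 if an uncommented "AlertBrokenMedia yes" (or true/1) directive is
#   present; only then does CVE-2022-20771 apply to clamd. Commented lines and
#   the "Example" placeholder in a stock config do not count.
alert_broken_media_enabled() {
    grep -Eiq '^[[:space:]]*AlertBrokenMedia[[:space:]]+(yes|true|1)[[:space:]]*$' "$1"
}

# write_sample_config PATH
#   Constructed clamd.conf fragment for the demonstration below; it is not
#   taken from any real host. The commented directive must be ignored.
write_sample_config() {
    cat > "$1" <<'EOF'
# Comment: the next line is disabled and must not count
#AlertBrokenMedia no
LogFile /var/log/clamav/clamd.log
AlertBrokenMedia yes
MaxScanSize 100M
EOF
}

# Demonstration on the constructed input above.
demo() {
    cfg=$(mktemp)
    write_sample_config "$cfg"
    for v in 0.102.4 0.103.5 0.103.6-1.mga8 0.104.2 0.104.3 0.105.0; do
        if clamav_affected "$v"; then echo "$v: affected"; else echo "$v: fixed"; fi
    done
    if alert_broken_media_enabled "$cfg"; then
        echo "AlertBrokenMedia is on: TIFF parser loop (CVE-2022-20771) is reachable"
    else
        echo "AlertBrokenMedia is off: CVE-2022-20771 not reachable via clamd"
    fi
    rm -f "$cfg"
}
demo
```

Note that AlertBrokenMedia only gates CVE-2022-20771; the CHM loop, the HTML memory leak, the signature-database overflow and the NULL-pointer dereference need no special option, so an affected version must be updated regardless of how clamd.conf is set. Disabling the option is at most a stopgap until the package update is applied.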

References

- https://bugs.mageia.org/show_bug.cgi?id=30417

- https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html

- https://www.suse.com/support/update/announcement/2022/suse-su-20221647-1/

- https://www.cve.org/CVERecord?id=CVE-2022-20770

- https://www.cve.org/CVERecord?id=CVE-2022-20771

- https://www.cve.org/CVERecord?id=CVE-2022-20785

- https://www.cve.org/CVERecord?id=CVE-2022-20792

- https://www.cve.org/CVERecord?id=CVE-2022-20796

Resolution

SRPMS

- 8/core/clamav-0.103.6-1.mga8

Publication date: 15 May 2022
URL: https://advisories.mageia.org/MGASA-2022-0187.html
Type: security
CVE: CVE-2022-20770, CVE-2022-20771, CVE-2022-20785, CVE-2022-20792, CVE-2022-20796
