Advisories ยป MGASA-2018-0317

Updated clamav packages fix security vulnerabilities

Publication date: 23 Jul 2018
Modification date: 23 Jul 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-0360 , CVE-2018-0361

Description

ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite
loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph()
in libclamav/hwp.c. (CVE-2018-0360)

ClamAV before 0.100.1 lacks a PDF object length check, resulting in an
unreasonably long time to parse a relatively small file. (CVE-2018-0361)
                

References

SRPMS

6/core