Updated clamav packages fix security vulnerabilities
Publication date: 23 Jul 2018Modification date: 23 Jul 2018
Type: security
Affected Mageia releases : 6
CVE: CVE-2018-0360 , CVE-2018-0361
Description
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite
loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph()
in libclamav/hwp.c. (CVE-2018-0360)
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an
unreasonably long time to parse a relatively small file. (CVE-2018-0361)
References
SRPMS
6/core
- clamav-0.100.1-1.mga6