CVE-2020-3327

Priority
Description
A vulnerability in the ARJ archive parsing module in Clam AntiVirus
(ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote
attacker to cause a denial of service condition on an affected device. The
vulnerability is due to a heap buffer overflow read. An attacker could
exploit this vulnerability by sending a crafted ARJ file to an affected
device. An exploit could allow the attacker to cause the ClamAV scanning
process crash, resulting in a denial of service condition.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (0.102.3)
Ubuntu 12.04 ESM (Precise Pangolin):released (0.102.3+dfsg-0ubuntu0.12.04.1)
Ubuntu 14.04 ESM (Trusty Tahr):released (0.102.3+dfsg-0ubuntu0.14.04.1+esm1)
Ubuntu 16.04 LTS (Xenial Xerus):released (0.102.3+dfsg-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (0.102.3+dfsg-0ubuntu0.18.04.1)
Ubuntu 19.10 (Eoan Ermine):released (0.102.3+dfsg-0ubuntu0.19.10.1)
Ubuntu 20.04 LTS (Focal Fossa):released (0.102.3+dfsg-0ubuntu0.20.04.1)
Ubuntu 20.10 (Groovy Gorilla):pending (0.102.3+dfsg-1)
More Information

Updated: 2020-05-29 19:17:12 UTC (commit 2d0d387aa141e969cc1ddbb230ab2faa3ee568d5)