CVE-2020-3341

Priority
Description
A vulnerability in the PDF archive parsing module in Clam AntiVirus
(ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated,
remote attacker to cause a denial of service condition on an affected
device. The vulnerability is due to a stack buffer overflow read. An
attacker could exploit this vulnerability by sending a crafted PDF file to
an affected device. An exploit could allow the attacker to cause the ClamAV
scanning process crash, resulting in a denial of service condition.
Assigned-to
mdeslaur
Notes
Package
Upstream:released (0.102.3)
Ubuntu 12.04 ESM (Precise Pangolin):released (0.102.3+dfsg-0ubuntu0.12.04.1)
Ubuntu 14.04 ESM (Trusty Tahr):released (0.102.3+dfsg-0ubuntu0.14.04.1+esm1)
Ubuntu 16.04 LTS (Xenial Xerus):released (0.102.3+dfsg-0ubuntu0.16.04.1)
Ubuntu 18.04 LTS (Bionic Beaver):released (0.102.3+dfsg-0ubuntu0.18.04.1)
Ubuntu 19.10 (Eoan Ermine):released (0.102.3+dfsg-0ubuntu0.19.10.1)
Ubuntu 20.04 LTS (Focal Fossa):released (0.102.3+dfsg-0ubuntu0.20.04.1)
Ubuntu 20.10 (Groovy Gorilla):pending (0.102.3+dfsg-1)
More Information

Updated: 2020-05-29 19:17:12 UTC (commit 2d0d387aa141e969cc1ddbb230ab2faa3ee568d5)