Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2020-3341

A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

Related bugs and status

CVE-2020-3341 (Candidate) is related to these bugs:

Bug #1878294: ClamAV needs updated to reflect security fixes

Summary				In	Importance	Status
	1878294	ClamAV needs updated to reflect security fixes		clamav (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

CISCO: https://blog.clamav.ne...
MLIST: [debian-lts-announce] ...
FEDORA: FEDORA-2020-b0acd7b66e
FEDORA: FEDORA-2020-bca44487a1
FEDORA: FEDORA-2020-d98d2cbae1
UBUNTU: USN-4370-1
UBUNTU: USN-4370-2