{"id":"MGASA-2014-0487","summary":"Updated clamav packages fix security vulnerabilities","details":"Certain javascript files causes ClamAV to segfault when scanned with\nthe -a (list archived files) (CVE-2013-6497).\n\nA heap buffer overflow was reported in ClamAV when scanning a specially\ncrafted y0da Crypter obfuscated PE file (CVE-2014-9050).\n\nClamAV has been updated to version 0.98.5 to address these and other issues.\n","modified":"2026-04-16T01:47:51.206861239Z","published":"2014-11-26T10:14:01Z","upstream":["CVE-2014-6497","CVE-2014-9050"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0487.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14608"},{"type":"REPORT","url":"https://bugzilla.clamav.net/show_bug.cgi?id=11088"},{"type":"WEB","url":"http://blog.clamav.net/2014/11/clamav-0985-has-been-released.html"},{"type":"ADVISORY","url":"http://www.mandriva.com/en/support/security/advisories/mbs1/MDVSA-2014%3A217/"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2014/11/22/1"}],"affected":[{"package":{"name":"clamav","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/clamav?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.98.5-1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0487.json"}},{"package":{"name":"clamav","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/clamav?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.98.5-1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0487.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}