{"id":"MGASA-2022-0187","summary":"Updated clamav packages fix security vulnerability","details":"Infinite loop vulnerability in the CHM file parser. Issue affects versions\n0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions.\n(CVE-2022-20770)\n\nInfinite loop vulnerability in the TIFF file parser. Issue affects versions\n0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. The\nissue only occurs if the \"--alert-broken-media\" ClamScan option is enabled.\nFor ClamD, the affected option is \"AlertBrokenMedia yes\", and for libclamav\nit is the \"CL_SCAN_HEURISTIC_BROKEN_MEDIA\" scan option. (CVE-2022-20771)\n\nMemory leak in the HTML file parser / Javascript normalizer. Issue affects\nversions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior\nversions. (CVE-2022-20785)\n\nMulti-byte heap buffer overflow write vulnerability in the signature\ndatabase load module. The fix was to update the vendored regex library to\nthe latest version. Issue affects versions 0.104.0 through 0.104.2 and LTS\nversion 0.103.5 and prior versions. (CVE-2022-20792)\n\nNULL-pointer dereference crash in the scan verdict cache check. Issue\naffects versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2. (CVE-2022-20796)\n","modified":"2026-02-02T03:49:10.449287Z","published":"2022-05-15T10:06:40Z","related":["CVE-2022-20770","CVE-2022-20771","CVE-2022-20785","CVE-2022-20792","CVE-2022-20796"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2022-0187.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=30417"},{"type":"REPORT","url":"https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html"},{"type":"REPORT","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20221647-1/"},{"type":"REPORT","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/OQIRF7L5ZKGSRUC6DDORCDJYKMVJMCEB/"}],"affected":[{"package":{"name":"clamav","ecosystem":"Mageia:8","purl":"pkg:rpm/mageia/clamav?arch=source&distro=mageia-8"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.103.6-1.mga8"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2022-0187.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}