USN-6636-1

Details

It was discovered that ClamAV incorrectly handled parsing certain OLE2 files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2024-20290)

Amit Schendel discovered that the ClamAV ClamD service incorrectly handled the VirusEvent feature. An attacker able to connect to ClamD could possibly use this issue to execute arbitrary code. (CVE-2024-20328)

Affected Packages

Ubuntu:23.10clamav

Fixed in:

1.0.5+dfsg-0ubuntu0.23.10.1

References

REPORThttps://ubuntu.com/security/CVE-2024-20290 REPORThttps://ubuntu.com/security/CVE-2024-20328 ADVISORYhttps://ubuntu.com/security/notices/USN-6636-1

USN-6636-1

Details

Affected Packages

References

Related

Ecosystems

Timeline