MGASA-2022-0024

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2022-0024.html

Import Source

https://advisories.mageia.org/MGASA-2022-0024.json

JSON Data

https://api.test.osv.dev/v1/vulns/MGASA-2022-0024

Related

CVE-2022-20698

Published

2022-01-18T19:29:46Z

Modified

2022-01-18T18:53:44Z

Summary

Updated clamav packages fix security vulnerability

Details

A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. (CVE-2022-20698)

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

MGASA-2022-0024

Affected packages