OESA-2022-1683

See a problem?
Please try reporting it to the source first.
Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2022-1683
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2022-1683.json
JSON Data
https://api.test.osv.dev/v1/vulns/OESA-2022-1683
Upstream
Published
2022-05-28T11:03:50Z
Modified
2025-08-12T05:12:00.679327Z
Summary
clamav security update
Details

Clam AntiVirus (clamav) is an open source antivirus engine for detecting trojans, viruses, malware and other malicious threats. The main purpose of this software is the integration with mail servers (attachment scanning). The package provides a flexible and scalable multi-threaded daemon, a command line scanner, and a tool for automatic updating via Internet. The programs are based on a shared library distributed with the Clam AntiVirus package, which you can use with your own software. he virus database is based on the virus database from OpenAntiVirus, but contains additional signatures and is KEPT UP TO DATE.

Security Fix(es):

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.(CVE-2022-20770)

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.(CVE-2022-20771)

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.(CVE-2022-20785)

Fixed a possible multi-byte heap buffer overflow write vulnerability in the signature database load module. The fix was to update the vendored regex library to the latest version. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. Thank you to Michał Dardas for reporting this issue.(CVE-2022-20792)

Database specific 
{
    "severity": "High"
}
References

Affected packages

openEuler:20.03-LTS-SP1 / clamav

Package

Name
clamav
Purl
pkg:rpm/openEuler/clamav&distro=openEuler-20.03-LTS-SP1

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.103.6-3.oe1

Ecosystem specific 

{
    "noarch": [
        "clamav-data-0.103.6-3.oe2203.noarch.rpm",
        "clamav-filesystem-0.103.6-3.oe1.noarch.rpm"
    ],
    "src": [
        "clamav-0.103.6-3.oe1.src.rpm"
    ],
    "aarch64": [
        "clamav-0.103.6-3.oe1.aarch64.rpm",
        "clamav-debuginfo-0.103.6-3.oe1.aarch64.rpm",
        "clamav-debugsource-0.103.6-3.oe1.aarch64.rpm",
        "clamav-devel-0.103.6-3.oe1.aarch64.rpm",
        "clamav-help-0.103.6-3.oe1.aarch64.rpm",
        "clamav-milter-0.103.6-3.oe1.aarch64.rpm",
        "clamav-update-0.103.6-3.oe1.aarch64.rpm",
        "clamd-0.103.6-3.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "clamav-0.103.6-3.oe1.x86_64.rpm",
        "clamav-debuginfo-0.103.6-3.oe1.x86_64.rpm",
        "clamav-debugsource-0.103.6-3.oe1.x86_64.rpm",
        "clamav-devel-0.103.6-3.oe1.x86_64.rpm",
        "clamav-help-0.103.6-3.oe1.x86_64.rpm",
        "clamav-milter-0.103.6-3.oe1.x86_64.rpm",
        "clamav-update-0.103.6-3.oe1.x86_64.rpm",
        "clamd-0.103.6-3.oe1.x86_64.rpm"
    ]
}

openEuler:20.03-LTS-SP3 / clamav

Package

Name
clamav
Purl
pkg:rpm/openEuler/clamav&distro=openEuler-20.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.103.6-3.oe1

Ecosystem specific 

{
    "noarch": [
        "clamav-data-0.103.6-3.oe1.noarch.rpm",
        "clamav-filesystem-0.103.6-3.oe1.noarch.rpm"
    ],
    "src": [
        "clamav-0.103.6-3.oe1.src.rpm"
    ],
    "aarch64": [
        "clamav-0.103.6-3.oe1.aarch64.rpm",
        "clamav-debuginfo-0.103.6-3.oe1.aarch64.rpm",
        "clamav-debugsource-0.103.6-3.oe1.aarch64.rpm",
        "clamav-devel-0.103.6-3.oe1.aarch64.rpm",
        "clamav-help-0.103.6-3.oe1.aarch64.rpm",
        "clamav-milter-0.103.6-3.oe1.aarch64.rpm",
        "clamav-update-0.103.6-3.oe1.aarch64.rpm",
        "clamd-0.103.6-3.oe1.aarch64.rpm"
    ],
    "x86_64": [
        "clamav-0.103.6-3.oe1.x86_64.rpm",
        "clamav-debuginfo-0.103.6-3.oe1.x86_64.rpm",
        "clamav-debugsource-0.103.6-3.oe1.x86_64.rpm",
        "clamav-devel-0.103.6-3.oe1.x86_64.rpm",
        "clamav-help-0.103.6-3.oe1.x86_64.rpm",
        "clamav-milter-0.103.6-3.oe1.x86_64.rpm",
        "clamav-update-0.103.6-3.oe1.x86_64.rpm",
        "clamd-0.103.6-3.oe1.x86_64.rpm"
    ]
}

openEuler:22.03-LTS / clamav

Package

Name
clamav
Purl
pkg:rpm/openEuler/clamav&distro=openEuler-22.03-LTS

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
0.103.6-3.oe2203

Ecosystem specific 

{
    "noarch": [
        "clamav-data-0.103.6-3.oe2203.noarch.rpm",
        "clamav-filesystem-0.103.6-3.oe2203.noarch.rpm"
    ],
    "src": [
        "clamav-0.103.6-3.oe2203.src.rpm"
    ],
    "aarch64": [
        "clamav-0.103.6-3.oe2203.aarch64.rpm",
        "clamav-debuginfo-0.103.6-3.oe2203.aarch64.rpm",
        "clamav-debugsource-0.103.6-3.oe2203.aarch64.rpm",
        "clamav-devel-0.103.6-3.oe2203.aarch64.rpm",
        "clamav-help-0.103.6-3.oe2203.aarch64.rpm",
        "clamav-milter-0.103.6-3.oe2203.aarch64.rpm",
        "clamav-update-0.103.6-3.oe2203.aarch64.rpm",
        "clamd-0.103.6-3.oe2203.aarch64.rpm"
    ],
    "x86_64": [
        "clamav-0.103.6-3.oe2203.x86_64.rpm",
        "clamav-debuginfo-0.103.6-3.oe2203.x86_64.rpm",
        "clamav-debugsource-0.103.6-3.oe2203.x86_64.rpm",
        "clamav-devel-0.103.6-3.oe2203.x86_64.rpm",
        "clamav-help-0.103.6-3.oe2203.x86_64.rpm",
        "clamav-milter-0.103.6-3.oe2203.x86_64.rpm",
        "clamav-update-0.103.6-3.oe2203.x86_64.rpm",
        "clamd-0.103.6-3.oe2203.x86_64.rpm"
    ]
}