...
|
...
|
@@ -7,11 +7,19 @@ Note: This file refers to the source tarball. Things described here may differ
|
7
|
7
|
|
8
|
8
|
ClamAV 0.102.3 is a bug patch release to address the following issues.
|
9
|
9
|
|
10
|
|
-- Updated libclamunrar to UnRAR 5.9.2.
|
|
10
|
+- [CVE-2020-3327](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327):
|
|
11
|
+ Fix a vulnerability in the ARJ archive parsing module in ClamAV 0.102.2 that
|
|
12
|
+ could cause a Denial-of-Service (DoS) condition. Improper bounds checking of
|
|
13
|
+ an unsigned variable results in an out-of-bounds read which causes a crash.
|
11
|
14
|
|
12
|
|
-Special thanks to the following for code contributions and bug reports:
|
|
15
|
+ Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ
|
|
16
|
+ parsing vulnerability.
|
|
17
|
+
|
|
18
|
+- Fix "Attempt to allocate 0 bytes" error when parsing some PDF documents.
|
13
|
19
|
|
14
|
|
--
|
|
20
|
+- Fix a couple of minor memory leaks.
|
|
21
|
+
|
|
22
|
+- Updated libclamunrar to UnRAR 5.9.2.
|
15
|
23
|
|
16
|
24
|
## 0.102.2
|
17
|
25
|
|