{"affected":[{"ecosystem_specific":{"binaries":[{"clamav":"0.103.6-150000.3.38.1","clamav-devel":"0.103.6-150000.3.38.1","libclamav9":"0.103.6-150000.3.38.1","libfreshclam2":"0.103.6-150000.3.38.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP3","name":"clamav","purl":"pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.103.6-150000.3.38.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"clamav":"0.103.6-150000.3.38.1","clamav-devel":"0.103.6-150000.3.38.1","libclamav9":"0.103.6-150000.3.38.1","libfreshclam2":"0.103.6-150000.3.38.1"}]},"package":{"ecosystem":"SUSE:Linux Enterprise Module for Basesystem 15 SP4","name":"clamav","purl":"pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.103.6-150000.3.38.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"clamav":"0.103.6-150000.3.38.1","clamav-devel":"0.103.6-150000.3.38.1","libclamav9":"0.103.6-150000.3.38.1","libfreshclam2":"0.103.6-150000.3.38.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.3","name":"clamav","purl":"pkg:rpm/opensuse/clamav&distro=openSUSE%20Leap%2015.3"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.103.6-150000.3.38.1"}],"type":"ECOSYSTEM"}]},{"ecosystem_specific":{"binaries":[{"clamav":"0.103.6-150000.3.38.1","clamav-devel":"0.103.6-150000.3.38.1","libclamav9":"0.103.6-150000.3.38.1","libfreshclam2":"0.103.6-150000.3.38.1"}]},"package":{"ecosystem":"openSUSE:Leap 15.4","name":"clamav","purl":"pkg:rpm/opensuse/clamav&distro=openSUSE%20Leap%2015.4"},"ranges":[{"events":[{"introduced":"0"},{"fixed":"0.103.6-150000.3.38.1"}],"type":"ECOSYSTEM"}]}],"aliases":[],"details":"This update for clamav fixes the following issues:\n\n- CVE-2022-20770: Fixed a possible infinite loop vulnerability in the CHM file parser (bsc#1199242).\n- CVE-2022-20796: Fixed a possible NULL-pointer dereference crash in the scan verdict cache check (bsc#1199246).\n- CVE-2022-20771: Fixed a possible infinite loop vulnerability in the TIFF file parser (bsc#1199244).\n- CVE-2022-20785: Fixed a possible memory leak in the HTML file parser / Javascript normalizer (bsc#1199245).\n- CVE-2022-20792: Fixed a possible multi-byte heap buffer overflow write vulnerability in the signature database load module (bsc#1199274).\n","id":"SUSE-SU-2022:1644-1","modified":"2022-05-12T05:57:38Z","published":"2022-05-12T05:57:38Z","references":[{"type":"ADVISORY","url":"https://www.suse.com/support/update/announcement/2022/suse-su-20221644-1/"},{"type":"REPORT","url":"https://bugzilla.suse.com/1199242"},{"type":"REPORT","url":"https://bugzilla.suse.com/1199244"},{"type":"REPORT","url":"https://bugzilla.suse.com/1199245"},{"type":"REPORT","url":"https://bugzilla.suse.com/1199246"},{"type":"REPORT","url":"https://bugzilla.suse.com/1199274"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-20770"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-20771"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-20785"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-20792"},{"type":"WEB","url":"https://www.suse.com/security/cve/CVE-2022-20796"}],"related":["CVE-2022-20770","CVE-2022-20771","CVE-2022-20785","CVE-2022-20792","CVE-2022-20796"],"summary":"Security update for clamav","upstream":["CVE-2022-20770","CVE-2022-20771","CVE-2022-20785","CVE-2022-20792","CVE-2022-20796"]}