ClamAV 0.103.8 is a critical patch release with the following fixes:
-
CVE-2023-20032:
Fixed a possible remote code execution vulnerability in the HFS+ file parser.
Issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and
earlier.
Thank you to Simon Scannell for reporting this issue. -
CVE-2023-20052:
Fixed a possible remote information leak vulnerability in the DMG file parser.
Issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and
earlier.
Thank you to Simon Scannell for reporting this issue. -
Update vendored libmspack library to version 0.11alpha.
- GitHub pull request: #830
Special thanks to the following people for code contributions and bug reports:
- Simon Scannell