ClamAV 1.0.1 is a critical patch release with the following fixes:
-
CVE-2023-20032:
Fixed a possible remote code execution vulnerability in the HFS+ file parser.
Issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and
earlier.
Thank you to Simon Scannell for reporting this issue. -
CVE-2023-20052:
Fixed a possible remote information leak vulnerability in the DMG file parser.
Issue affects versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and
earlier.
Thank you to Simon Scannell for reporting this issue. -
Fix allmatch detection issue with the preclass bytecode hook.
- GitHub pull request: #825
-
Update vendored libmspack library to version 0.11alpha.
- GitHub pull request: #828
Special thanks to the following people for code contributions and bug reports:
- Simon Scannell