Fixed a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 that could cause a denial-of-service (DoS) condition. Improper error handling could cause a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in affected versions.
Created clamav tracking bugs for this issue:
Affects: epel-all [bug 1858266]
Affects: fedora-all [bug 1858265]
There is no mitigation for this issue, the flaw can only be resolved by applying updates.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):