There is a possible heap overflow in libclamav/fsg.c before 0.100.0. Reference: https://security-tracker.debian.org/tracker/CVE-2007-0899
Created clamav tracking bugs for this issue: Affects: epel-all [bug 1771395] Affects: fedora-all [bug 1771394]
(In reply to Dhananjay Arunesh from comment #0) > There is a possible heap overflow in libclamav/fsg.c before 0.100.0. > > Reference: > https://security-tracker.debian.org/tracker/CVE-2007-0899 https://apps.fedoraproject.org/packages/clamav Rawhide 0.101.4-1.fc32 None Fedora 32 0.101.4-1.fc32 None Fedora 31 0.101.4-1.fc31 None Fedora 30 0.101.4-1.fc30 (update) None Fedora 29 0.101.4-1.fc29 (update) None Fedora EPEL 8 0.101.4-1.el8 None Fedora EPEL 7 0.101.4-1.el7 None Fedora EPEL 6 0.100.3-1.el6 None
CVSS has been updated to match NIST. This flaw pre-dates the existing upstream git repo, so I've been unable to find the specific patch that addressed the flaw. However, based on other "possible heap overflows" from that era, their CVSS looks to be appropriate. It's possible this flaw is the same one from 2005 noted here: https://seclists.org/vulnwatch/2005/q4/33