release of free anti-virus package , which fixes the vulnerability CVE-2020-3123 in the implementation of the DLP (data-loss-prevention) mechanism, which is aimed at blocking leaks of credit card numbers. Due to a valid bounds check error, it is possible to create conditions for reading data from an area outside the allocated buffer, which can be used to launch a DoS attack and initiate a crash of the worker process. In addition, a fix for the CVE-0.102-2019 vulnerability, missed in the 1785 branch, has been added, which allows data to be written to the FS area outside the unpacking directory when scanning specially designed RAR archives.
The new release also fixes several non-security issues, fixes a crash when loading a new database version in freshclam, fixes a memory leak in the email parser, improves the performance of scanning PDF files on the Windows platform, strengthens the verification of ARJ archives, improves handling of incorrect PDF files , added support for autoconf 2.69 and automake 1.15.
Source: opennet.ru