A release of the free anti-virus package ClamAV 0.103.2 has been created, which eliminates several vulnerabilities:
- CVE-2021-1386 - Elevation of privilege on the Windows platform due to insecure loading of the UnRAR DLL (a local user can host their DLL under the guise of an UnRAR library and achieve code execution with system privileges).
- CVE-2021-1252 - A loop occurs when processing specially crafted XLM Excel files.
- CVE-2021-1404 β Process crash when processing specially crafted PDF documents.
- CVE-2021-1405 - A crash due to NULL pointer dereference in the email parser.
- Memory leak in PNG image parsing code.
Among the changes not related to security, the SafeBrowsing settings have been deprecated, which has been converted into a stub that does nothing due to Google changing the conditions for access to the Safe Browsing API. The FreshClam utility has improved processing of HTTP codes 304, 403 and 429, and also returned the mirrors.dat file to the database directory.
Source: opennet.ru