clamav -- Multiple vulnerabilities

The ClamAV project reports:

CVE-2024-20505

      A vulnerability in the PDF parsing module of Clam
      AntiVirus (ClamAV) could allow an unauthenticated,
      remote attacker to cause a denial of service (DoS)
      condition on an affected device. The vulnerability is
      due to an out of bounds read. An attacker could exploit
      this vulnerability by submitting a crafted PDF file to
      be scanned by ClamAV on an affected device. An exploit
      could allow the attacker to terminate the scanning
      process.

CVE-2024-20506

      A vulnerability in the ClamD service module of Clam
      AntiVirus (ClamAV) could allow an authenticated, local
      attacker to corrupt critical system files. The
      vulnerability is due to allowing the ClamD process to
      write to its log file while privileged without checking
      if the logfile has been replaced with a symbolic
      link. An attacker could exploit this vulnerability if
      they replace the ClamD log file with a symlink to a
      critical system file and then find a way to restart the
      ClamD process. An exploit could allow the attacker to
      corrupt a critical system file by appending ClamD log
      messages after restart.