CVE-2018-0202: Out-of-bounds Read in ClamAV

CWE-125: Out-of-bounds Read | 7 documents | 5 sources
Severity: 5.5 MEDIUM (NVD)
EPSS: 2.2% (top 15.64%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 27
Latest update: May 14

Description

clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause an out-of-bounds rea

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Exploitability: 1.8 | Impact: 3.6

Affected Packages (5 packages)

debian: debian/clamav < clamav 0.100.0~beta+dfsg-2 (bookworm)
Debian: clamav/clamav < 0.100.0~beta+dfsg-2+3
Ubuntu: clamav/clamav < 0.99.4+addedllvm-0ubuntu0.14.04.1+1
NVD: clamav/clamav 0.99.3
CVEListV5: clamav/clamav ClamAV

Also affects: Debian Linux 7.0, Ubuntu Linux 12.04, 14.04, 16.04, 17.10

Patches

Vulnerability Details (3)

GHSA: GHSA-r382-prm5-5rqf: clamscan in ClamAV before 0 (2022-05-14)
OSV: CVE-2018-0202: clamscan in ClamAV before 0 (2018-03-27)
OSV: clamav vulnerabilities (2018-03-08)

Vendor Advisories (3)

Ubuntu: ClamAV vulnerabilities (2018-03-08)
Ubuntu: ClamAV vulnerabilities (2018-03-08)
Debian: CVE-2018-0202: clamav - clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an un... (2018)