CVE-2018-0361 — Improper Input Validation in Clamav

CWE-20 — Improper Input Validation13 documents6 sources

Severity

3.3LOWNVD

OSV5.5

EPSS

0.7%

top 27.52%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Debian Clamav Debian Linux

Timeline

PublishedJul 16

Latest updateMay 14

Description

ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:LExploitability: 1.8 | Impact: 1.4

Affected Packages4 packages

▶NVDclamav/clamav< 0.100.1

▶debiandebian/clamav< clamav 0.100.1+dfsg-1 (bookworm)

▶Debianclamav/clamav< 0.100.1+dfsg-1+3

▶Ubuntuclamav/clamav< 0.100.1+dfsg-1ubuntu0.14.04.4+8

Also affects: Debian Linux 8.0

🔴Vulnerability Details

GHSA

GHSA-6v8f-c4v7-qcfg: ClamAV before 0↗2022-05-14

▶

OSV

clamav regression↗2018-09-18

▶

OSV

clamav regression↗2018-07-26

▶

OSV

clamav vulnerabilities↗2018-07-24

▶

OSV

CVE-2018-0361: ClamAV before 0↗2018-07-16

▶

📋Vendor Advisories

Ubuntu

ClamAV vulnerabilities↗2018-09-18

▶

Ubuntu

ClamAV regression↗2018-09-18

▶

Ubuntu

ClamAV regression↗2018-07-26

▶

Ubuntu

ClamAV vulnerabilities↗2018-07-25

▶

Ubuntu

ClamAV vulnerabilities↗2018-07-24

▶

💬Community

Bugzilla

CVE-2018-0361 clamav: pdf object length check leads to dos↗2019-04-11

▶