Vulnerability CVE-2018-15378: Information
Description
A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.
Severity: MEDIUM (5.5) Vector: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
|---|---|---|---|---|---|---|
| clamav | sisyphus | 0.100.2-alt1 | 0.103.8-alt1 | ALT-PU-2018-2498-1 | 215109 | Fixed |
| clamav | p10 | 0.100.2-alt1 | 0.103.8-alt1 | ALT-PU-2018-2498-1 | 215109 | Fixed |
| clamav | p9 | 0.100.2-alt1 | 0.103.8-alt1 | ALT-PU-2018-2498-1 | 215109 | Fixed |
| clamav | p8 | 0.100.2-alt0.M80P.1 | 0.103.8-alt1 | ALT-PU-2018-2506-1 | 215132 | Fixed |
| clamav | c10f1 | 0.100.2-alt1 | 0.103.8-alt1 | ALT-PU-2018-2498-1 | 215109 | Fixed |
| clamav | c9f2 | 0.100.2-alt1 | 0.103.8-alt1 | ALT-PU-2018-2498-1 | 215109 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
|---|---|
| 83000 |
|
| https://bugzilla.clamav.net/show_bug.cgi?id=12170 |
|
| USN-3789-1 |
|
| USN-3789-2 |
|
| [debian-lts-announce] 20181024 [SECURITY] [DLA 1553-1] clamav security update |
|
| https://www.flexera.com/company/secunia-research/advisories/SR-2018-23.html |
|
| GLSA-201904-12 |
|