PT-2018-8667 · Cisco+3 · Clamav+3

Publicado

2018-03-04

Atualizado

2026-02-06

CVE-2018-0202

CVSS v3.1

5.5

Média

Vetor

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: ClamAV versions prior to 0.99.4

Description: The issue is caused by improper input validation when handling Portable Document Format (.pdf) files, allowing an unauthenticated, remote attacker to cause a denial of service (DoS) condition. This can be achieved by sending a crafted .pdf file, which could cause an out-of-bounds read when scanned, resulting in a DoS condition. The vulnerability concerns the pdf parse array and pdf parse string functions in libclamav/pdfng.c.

Recommendations: For ClamAV versions prior to 0.99.4, update to version 0.99.4 or later to resolve the issue. As a temporary workaround, consider restricting the scanning of .pdf files until the update is applied.

Correção

DoS

Out of bounds Read

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125

Identificadores relacionados

ALT-PU-2018-1363

CLEANSTART-2026-LA13761

CLEANSTART-2026-NJ87139

CLEANSTART-2026-TC95380

CLEANSTART-2026-WX01708

CVE-2018-0202

DLA-1307-1

MGASA-2018-0169

OPENSUSE-SU-2018_0825-1

OPENSUSE-SU-2024:10685-1

SUSE-SU-2018:0809-1

SUSE-SU-2018:0863-1

USN-3592-1

USN-3592-2

Produtos afetados

Alt Linux

Clamav

Suse

Ubuntu

PT-2018-8667 · Cisco+3 · Clamav+3

CVE-2018-0202

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 169