PT-2018-13007 · Cisco+3 · Clamav+3

Published

2018-10-08

·

Updated

2024-06-15

·

CVE-2018-15378

CVSS v3.1

5.5

Medium

VectorAV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions ClamAV versions prior to 0.100.2
Description A denial of service (DoS) condition can be caused by an attacker due to an error related to the MEW unpacker within the unmew11() function, which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.
Recommendations For ClamAV versions prior to 0.100.2, update to version 0.100.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the unmew11() function in the libclamav/mew.c module until a patch is available.

Fix

DoS

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

ALT-PU-2018-2498
CVE-2018-15378
DLA-1553-1
MGASA-2018-0406
OPENSUSE-SU-2018_3315-1
OPENSUSE-SU-2018_3505-1
OPENSUSE-SU-2024:10685-1
SUSE-SU-2018:3250-1
SUSE-SU-2018:3436-1
SUSE-SU-2018:3436-2
SUSE-SU-2018:3441-1
USN-3789-1
USN-3789-2

Affected Products

Alt Linux
Clamav
Suse
Ubuntu