A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.
References
Link | Resource |
---|---|
https://bugzilla.clamav.net/show_bug.cgi?id=12170 | Issue Tracking Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2018/10/msg00014.html | Mailing List Third Party Advisory |
https://secuniaresearch.flexerasoftware.com/advisories/83000/ | Permissions Required Third Party Advisory |
https://security.gentoo.org/glsa/201904-12 | Third Party Advisory |
https://usn.ubuntu.com/3789-1/ | Third Party Advisory |
https://usn.ubuntu.com/3789-2/ | Third Party Advisory |
https://www.flexera.com/company/secunia-research/advisories/SR-2018-23.html | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: cisco
Published: 2018-10-03T00:00:00
Updated: 2019-04-11T02:06:01
Reserved: 2018-08-17T00:00:00
Link: CVE-2018-15378
JSON object: View
NVD Information
Status : Modified
Published: 2018-10-15T17:29:00.677
Modified: 2019-10-09T23:35:29.123
Link: CVE-2018-15378
JSON object: View
Redhat Information
No data.
CWE