clamav: Multiple vulnerabilities (CVE-2018-0202, CVE-2018-1000085)
CVE-2018-0202: Out-of-bounds access in the PDF parser
Fixed In Version:
clamav 0.99.4
References:
https://bugzilla.clamav.net/show\_bug.cgi?id=11973
https://security-tracker.debian.org/tracker/CVE-2018-0202
CVE-2018-1000085: Out of bounds heap memory read in xar parser
ClamAV version version 0.99.3 contains a Out of bounds heap memory read
vulnerability in XAR parser,
function xar_hash_check() that can result in Leaking of memory, may
help in developing exploit chains..
This attack appear to be exploitable via The victim must scan a crafted
XAR file.
Fixed In Version:
clamav 0.99.4
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-1000085
http://www.openwall.com/lists/oss-security/2017/09/29/4
Patch:
https://github.com/Cisco-Talos/clamav-devel/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6
(from redmine: issue id 8693, created on 2018-03-20, closed on 2018-04-16)
- Relations:
- copied_to #8694 (closed)
- copied_to #8695 (closed)
- copied_to #8696 (closed)
- copied_to #8697 (closed)
- child #8694 (closed)
- child #8695 (closed)
- child #8696 (closed)
- child #8697 (closed)