Skip to content

GitLab

  • Menu
Projects Groups Snippets
  • Help
    • Help
    • Support
    • Community forum
    • Submit feedback
    • Contribute to GitLab
  • Sign in / Register
  • aports aports
  • Project information
    • Project information
    • Activity
    • Labels
    • Members
  • Repository
    • Repository
    • Files
    • Commits
    • Branches
    • Tags
    • Contributors
    • Graph
    • Compare
  • Issues 719
    • Issues 719
    • List
    • Boards
    • Service Desk
    • Milestones
  • Merge requests 325
    • Merge requests 325
  • CI/CD
    • CI/CD
    • Pipelines
    • Jobs
    • Schedules
  • Deployments
    • Deployments
    • Environments
    • Releases
  • Monitor
    • Monitor
    • Incidents
  • Analytics
    • Analytics
    • Value stream
    • CI/CD
    • Repository
  • Activity
  • Graph
  • Create a new issue
  • Jobs
  • Commits
  • Issue Boards
Collapse sidebar
  • alpine
  • aportsaports
  • Issues
  • #8693
Closed
Open
Created Mar 20, 2018 by Alicha CH@alichaReporter

clamav: Multiple vulnerabilities (CVE-2018-0202, CVE-2018-1000085)

CVE-2018-0202: Out-of-bounds access in the PDF parser

Fixed In Version:

clamav 0.99.4

References:

https://bugzilla.clamav.net/show\_bug.cgi?id=11973
https://security-tracker.debian.org/tracker/CVE-2018-0202

CVE-2018-1000085: Out of bounds heap memory read in xar parser

ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser,
function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains..
This attack appear to be exploitable via The victim must scan a crafted XAR file.

Fixed In Version:

clamav 0.99.4

References:

https://nvd.nist.gov/vuln/detail/CVE-2018-1000085
http://www.openwall.com/lists/oss-security/2017/09/29/4

Patch:

https://github.com/Cisco-Talos/clamav-devel/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6

(from redmine: issue id 8693, created on 2018-03-20, closed on 2018-04-16)

  • Relations:
    • copied_to #8694 (closed)
    • copied_to #8695 (closed)
    • copied_to #8696 (closed)
    • copied_to #8697 (closed)
    • child #8694 (closed)
    • child #8695 (closed)
    • child #8696 (closed)
    • child #8697 (closed)
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information
Assignee
Assign to
Time tracking