[3.7] clamav: Multiple vulnerabilities (CVE-2018-0202, CVE-2018-1000085)
CVE-2018-0202: Out-of-bounds access in the PDF parser
Fixed In Version:
clamav 0.99.4
References:
https://bugzilla.clamav.net/show_bug.cgi?id=11973
https://security-tracker.debian.org/tracker/CVE-2018-0202
CVE-2018-1000085: Out of bounds heap memory read in xar parser
ClamAV version 0.99.3 contains an out-of-bounds heap memory read
vulnerability in the XAR parser,
function xar_hash_check(), that can result in leaking of memory and may
help in developing exploit chains.
This attack appears to be exploitable when the victim scans a crafted
XAR file.
Fixed In Version:
clamav 0.99.4
References:
https://nvd.nist.gov/vuln/detail/CVE-2018-1000085
http://www.openwall.com/lists/oss-security/2017/09/29/4
Patch:
https://github.com/Cisco-Talos/clamav-devel/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6
(from redmine: issue id 8694, created on 2018-03-20, closed on 2018-04-12)
- Relations:
- copied_to #8693 (closed)
- parent #8693 (closed)
- Changesets:
- Revision 46ab3079 on 2018-04-11T18:15:28Z:
main/clamav: security upgrade 0.99.4
CVE-2018-0202, CVE-2018-1000085
Fixes #8694