Project

General

Profile

Bug #9168

Bug #9167: clamav: Multiple vulnerabilities (CVE-2018-0360, CVE-2018-0361)

[3.8] clamav: Multiple vulnerabilities (CVE-2018-0360, CVE-2018-0361)

Added by Alicha CH 6 months ago. Updated 5 months ago.

Status:
Closed
Priority:
Normal
Category:
Security
Target version:
Start date:
07/31/2018
Due date:
% Done:

100%

Estimated time:
Affected versions:
Security IDs:

Description

CVE-2018-0360: ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via
a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.

References:

https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
https://nvd.nist.gov/vuln/detail/CVE-2018-0360

CVE-2018-0361: ClamAV before 0.100.1 lacks a PDF object length check, resulting in
an unreasonably long time to parse a relatively small file.

References:

https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
https://nvd.nist.gov/vuln/detail/CVE-2018-0361


Related issues

Copied from Alpine Linux - Bug #9167: clamav: Multiple vulnerabilities (CVE-2018-0360, CVE-2018-0361)Closed2018-07-31

Associated revisions

Revision 90552e26 (diff)
Added by Carlo Landmeter 5 months ago

main/clamav: upgrade to 0.100.1 (CVE-2017-16932,CVE-2018-0360,CVE-2018-0361)

fixes #9168

History

#1 Updated by Alicha CH 6 months ago

  • Copied from Bug #9167: clamav: Multiple vulnerabilities (CVE-2018-0360, CVE-2018-0361) added

#2 Updated by Anonymous 5 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

#3 Updated by Alicha CH 5 months ago

  • Project changed from Alpine Security to Alpine Linux
  • Category set to Security
  • Status changed from Resolved to Closed
  • Security IDs deleted (CVE-2018-0360, CVE-2018-0361)

Also available in: Atom PDF