Errata ID | 442 |
---|---|
Date | 2018-08-15 |
Source package | clamav |
Fixed in version | 0.100.1+dfsg-0+deb8u0A~4.2.0.201808131059 |
Description | This update addresses the following issues: * Remote denial of service due to an out-of-bounds read when ClamAV scans Portable Document Format (.pdf) files (CVE-2018-0202) * Remote denial of service due to an HWP integer overflow that results in an infinite loop, triggered by a crafted Hangul Word Processor (HWP) file (CVE-2018-0360) * Remote denial of service due to ClamAV lacking a PDF object length check, so that a relatively small file takes an unreasonably long time to parse (CVE-2018-0361) * Out-of-bounds heap memory read in the XAR parser, which can leak memory and may help in developing exploit chains. This appears to be exploitable when the victim scans a crafted XAR file (CVE-2018-1000085) |
Additional notes | |
CVE ID | CVE-2018-0202, CVE-2018-0360, CVE-2018-0361, CVE-2018-1000085 |
UCS Bug number | #47474 |