CVE-2018-0202

Name
CVE-2018-0202
Description
clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause an out-of-bounds read when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition. This concerns pdf_parse_array and pdf_parse_string in libclamav/pdfng.c. Cisco Bug IDs: CSCvh91380, CSCvh91400.
NVD Severity
medium

References

Type | URI
Issue Tracking | https://bugzilla.clamav.net/show_bug.cgi?id=11980
Issue Tracking | https://bugzilla.clamav.net/show_bug.cgi?id=11973
Third Party Advisory | https://usn.ubuntu.com/3592-2/
Third Party Advisory | https://usn.ubuntu.com/3592-1/
Mailing List | https://lists.debian.org/debian-lts-announce/2018/03/msg00011.html
Third Party Advisory | https://security.gentoo.org/glsa/201804-16

Match rules

CPE URI | Source package | Min version | Max version
cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:* | clamav | >= None | <= 0.99.3

Vulnerable and fixed packages

Source package | Branch | Version | Maintainer | Status