rpm package
suse/clamav&distro=SUSE Linux Enterprise Server 12 SP2-BCL
pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCL
Vulnerabilities (25)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-14680 | — | < 0.100.2-33.18.1 | 0.100.2-33.18.1 | Jul 28, 2018 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. | ||
| CVE-2018-14679 | — | < 0.100.1-33.15.2 | 0.100.1-33.15.2 | Jul 28, 2018 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). | ||
| CVE-2018-0361 | — | < 0.100.1-33.15.2 | 0.100.1-33.15.2 | Jul 16, 2018 | ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file. | ||
| CVE-2018-0360 | — | < 0.100.1-33.15.2 | 0.100.1-33.15.2 | Jul 16, 2018 | ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c. | ||
| CVE-2018-1000085 | — | < 0.100.1-33.15.2 | 0.100.1-33.15.2 | Mar 13, 2018 | ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR |
- CVE-2018-14680Jul 28, 2018affected < 0.100.2-33.18.1fixed 0.100.2-33.18.1
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
- CVE-2018-14679Jul 28, 2018affected < 0.100.1-33.15.2fixed 0.100.1-33.15.2
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
- CVE-2018-0361Jul 16, 2018affected < 0.100.1-33.15.2fixed 0.100.1-33.15.2
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
- CVE-2018-0360Jul 16, 2018affected < 0.100.1-33.15.2fixed 0.100.1-33.15.2
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
- CVE-2018-1000085Mar 13, 2018affected < 0.100.1-33.15.2fixed 0.100.1-33.15.2
ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR
Page 2 of 2