Integer Overflow Vulnerability in ClamAV Affecting File Parsing
CVE-2018-0360

5.5MEDIUM

Key Information:

Vendor: Clamav
Status: Clamav Before 0.100.1 Unknown
Vendor: CVE Published:; 16 July 2018

What is CVE-2018-0360?

ClamAV versions prior to 0.100.1 are susceptible to an integer overflow vulnerability when parsing specially crafted Hangul Word Processor (HWP) files. An attacker can exploit this weakness, leading to an infinite loop that may disrupt service. This issue is associated with the parsehwp3_paragraph() function in libclamav/hwp.c, highlighting the importance of updating to the patched version to safeguard systems against potential exploitation.

Affected Version(s)

ClamAV before 0.100.1 unknown ClamAV before 0.100.1 unknown

References

http://www.securitytracker.com/id/1041367

vdb-entryx_refsource_SECTRACK

https://blog.clamav.net/2018/07/clamav-01001-has-been-rel...

x_refsource_CONFIRM

https://usn.ubuntu.com/3722-1/

vendor-advisoryx_refsource_UBUNTU

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 16, 2018
Vulnerability Reserved
Nov 27, 2017

Clamav

What is CVE-2018-0360?

Affected Version(s)

References

CVSS V3.1

Timeline