Clam AntiVirus unmew11() Denial of Service Vulnerability
CVE-2018-15378

5.5MEDIUM

Key Information:

Vendor
Cisco
Status
Clamav
Vendor
CVE Published:
15 October 2018

Summary

A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.

Affected Version(s)

ClamAV < 0.100.2

References

https://lists.debian.org/debian-lts-announce/2018/10/msg0...
mailing-listx_refsource_MLIST
https://bugzilla.clamav.net/show_bug.cgi?id=12170
x_refsource_CONFIRM
https://secuniaresearch.flexerasoftware.com/advisories/83...
third-party-advisoryx_refsource_SECUNIA

CVSS V3.1

Score:
5.5
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.