First published: Mon Oct 15 2018
A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.
Credit: ykramarz@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Clamav Clamav | <0.100.2 | |
Debian Debian Linux | =8.0 | |
Canonical Ubuntu Linux | =12.04 | |
Canonical Ubuntu Linux | =14.04 | |
Canonical Ubuntu Linux | =16.04 | |
Canonical Ubuntu Linux | =18.04 | |
debian/clamav | 0.103.10+dfsg-0+deb11u1, 1.0.7+dfsg-1~deb11u2, 1.0.7+dfsg-1~deb12u1, 1.4.1+dfsg-1 |
The vulnerability ID for this ClamAV vulnerability is CVE-2018-15378.
The severity of CVE-2018-15378 is medium with a CVSS score of 5.5.
CVE-2018-15378 allows an attacker to cause a denial of service (DoS) condition in ClamAV versions prior to 0.100.2.
To fix CVE-2018-15378, update your ClamAV installation to version 0.100.2 or later.
You can find more information about CVE-2018-15378 in the following references: [Bugzilla](https://bugzilla.clamav.net/show_bug.cgi?id=12170), [Secunia Research](https://secuniaresearch.flexerasoftware.com/advisories/83000/), [Ubuntu Security Notice](https://usn.ubuntu.com/3789-1/).