What is the vulnerability ID for the ClamAV vulnerabilities?

The vulnerability ID for the ClamAV vulnerabilities is CVE-2018-0202.

How can a remote attacker exploit the ClamAV vulnerabilities?

A remote attacker could exploit the ClamAV vulnerabilities by using certain PDF or X files to either cause a denial of service or execute arbitrary code.

Which versions of ClamAV are affected by the vulnerabilities?

The versions of ClamAV affected by the vulnerabilities are 0.99.4+addedllvm-0ubuntu0.17.10.1, 0.99.4+addedllvm-0ubuntu0.16.04.1, and 0.99.4+addedllvm-0ubuntu0.14.04.1.

How can I fix the ClamAV vulnerabilities?

To fix the ClamAV vulnerabilities, you should update to the version 0.99.4+addedllvm-0ubuntu0.17.10.1 if you are using Ubuntu 17.10, update to the version 0.99.4+addedllvm-0ubuntu0.16.04.1 if you are using Ubuntu 16.04, or update to the version 0.99.4+addedllvm-0ubuntu0.14.04.1 if you are using Ubuntu 14.04.

Where can I find more information about the ClamAV vulnerabilities?

You can find more information about the ClamAV vulnerabilities on the Ubuntu security website: [CVE-2018-0202](https://ubuntu.com/security/CVE-2018-0202).

Vulnerability/
USN-3592-1

8/3/2018

USN-3592-1: ClamAV vulnerabilities

First published: Thu Mar 08 2018(Updated: )

It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-0202) Hanno Böck discovered that ClamAV incorrectly handled parsing certain XAR files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2018-1000085)

Affected Software	Affected Version	How to fix
All of
ubuntu/clamav	<0.99.4+addedllvm-0ubuntu0.17.10.1	0.99.4+addedllvm-0ubuntu0.17.10.1
	=17.10
All of
ubuntu/clamav	<0.99.4+addedllvm-0ubuntu0.16.04.1	0.99.4+addedllvm-0ubuntu0.16.04.1
	=16.04
All of
ubuntu/clamav	<0.99.4+addedllvm-0ubuntu0.14.04.1	0.99.4+addedllvm-0ubuntu0.14.04.1
	=14.04

Never miss a vulnerability like this again

Reference Links

Child vulnerabilities

(Contains the following vulnerabilities)

Frequently Asked Questions

What is the vulnerability ID for the ClamAV vulnerabilities?
The vulnerability ID for the ClamAV vulnerabilities is CVE-2018-0202.
How can a remote attacker exploit the ClamAV vulnerabilities?
A remote attacker could exploit the ClamAV vulnerabilities by using certain PDF or X files to either cause a denial of service or execute arbitrary code.
Which versions of ClamAV are affected by the vulnerabilities?
The versions of ClamAV affected by the vulnerabilities are 0.99.4+addedllvm-0ubuntu0.17.10.1, 0.99.4+addedllvm-0ubuntu0.16.04.1, and 0.99.4+addedllvm-0ubuntu0.14.04.1.
How can I fix the ClamAV vulnerabilities?
To fix the ClamAV vulnerabilities, you should update to the version 0.99.4+addedllvm-0ubuntu0.17.10.1 if you are using Ubuntu 17.10, update to the version 0.99.4+addedllvm-0ubuntu0.16.04.1 if you are using Ubuntu 16.04, or update to the version 0.99.4+addedllvm-0ubuntu0.14.04.1 if you are using Ubuntu 14.04.
Where can I find more information about the ClamAV vulnerabilities?
You can find more information about the ClamAV vulnerabilities on the Ubuntu security website: [CVE-2018-0202](https://ubuntu.com/security/CVE-2018-0202).

agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/title
agent/type
collector/usn
source/Ubuntu
anchor-related/USN-3592-2
agent/software-canonical-lookup
package-manager/ubuntu
vendor/ubuntu
canonical/ubuntu ubuntu
version/ubuntu ubuntu/17.10
version/ubuntu ubuntu/16.04
version/ubuntu ubuntu/14.04