Back to search
CVE-2018-15378
Published: Oct 15, 2018
Modified: Nov 26, 2024
PUBLISHED
Description
A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.
| Vendor | Product | Versions |
|---|---|---|
Cisco | ClamAV | affected unspecified - < 0.100.2 |
Weaknesses (CWE)
References
[debian-lts-announce] 20181024 [SECURITY] [DLA 1553-1] clamav security update
mailing-list
x_refsource_MLIST
https://bugzilla.clamav.net/show_bug.cgi?id=12170
x_refsource_CONFIRM
83000
third-party-advisory
x_refsource_SECUNIA
USN-3789-2
vendor-advisory
x_refsource_UBUNTU
USN-3789-1
vendor-advisory
x_refsource_UBUNTU
GLSA-201904-12
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now