AVG-602

Package clamav
Status Fixed
Severity Critical
Type multiple issues
Affected 0.99.3-1
Fixed 0.99.4-1
Current 0.100.0-1 [extra]
Ticket None
Created Wed Jan 31 01:14:54 2018
Issue Severity Remote Type Description
CVE-2018-1000085 Medium Yes Denial of service
A heap-based out-of-bounds read has been found in the xar_hash_check function of the xar decoder of ClamAV before 0.99.4, leading to a denial of service.
CVE-2018-0202 Critical Yes Arbitrary code execution
A heap overflow has been discovered in ClamAv before 0.99.4 in pdf_parse_string possibly leading to arbitrary code execution by inspecting a specially...
CVE-2017-6419 Critical Yes Arbitrary code execution
mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV before 0.99.4, allows remote attackers to cause a denial of service (heap-based buffer overflow and...
CVE-2017-11423 Medium Yes Denial of service
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV before 0.99.4  and other products, allows remote attackers to cause...
CVE-2012-6706 Critical Yes Arbitrary code execution
A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products,...
Date Advisory Package Description
18 Mar 2018 ASA-201803-14 clamav multiple issues