CVE-2018-0202

27.03.2018, 09:29

clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause an out-of-bounds read when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition. This concerns pdf_parse_array and pdf_parse_string in libclamav/pdfng.c. Cisco Bug IDs: CSCvh91380, CSCvh91400.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	5.5 MEDIUM	LOCAL	LOW	NONE	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
cisco	CNA	---				---
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 85%

Vendor	Product	Version
clamav	clamav	𝑥 ≤ 0.99.3
canonical	ubuntu_linux	12.04
canonical	ubuntu_linux	14.04
canonical	ubuntu_linux	16.04
canonical	ubuntu_linux	17.10
debian	debian_linux	7.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

clamav

bullseye	0.103.10+dfsg-0+deb11u1 fixed
bookworm	1.0.5+dfsg-1~deb12u1 fixed
sid	1.4.1+dfsg-1 fixed
trixie	1.4.1+dfsg-1 fixed

Ubuntu Releases

Ubuntu Product

Codename

clamav

artful	Fixed 0.99.4+addedllvm-0ubuntu0.17.10.1 released
xenial	Fixed 0.99.4+addedllvm-0ubuntu0.16.04.1 released
trusty	Fixed 0.99.4+addedllvm-0ubuntu0.14.04.1 released

Common Weakness Enumeration

CWE-125 - Out-of-bounds Read
The software reads data past the end, or before the beginning, of the intended buffer.

References

https://bugzilla.clamav.net/show_bug.cgi?id=11973

https://bugzilla.clamav.net/show_bug.cgi?id=11980

https://lists.debian.org/debian-lts-announce/2018/03/msg00011.html

https://security.gentoo.org/glsa/201804-16