ID CVE-2018-0202
Summary clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause an out-of-bounds read when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition. This concerns pdf_parse_array and pdf_parse_string in libclamav/pdfng.c. Cisco Bug IDs: CSCvh91380, CSCvh91400.
References
Vulnerable Configurations
  • ClamAV 0.99.3
    cpe:2.3:a:clamav:clamav:0.99.3
  • Canonical Ubuntu Linux 12.04 ESM (Extended Security Maintenance)
    cpe:2.3:o:canonical:ubuntu_linux:12.04:-:-:-:esm
  • Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:14.04:-:-:-:lts
  • Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)
    cpe:2.3:o:canonical:ubuntu_linux:16.04:-:-:-:lts
  • Canonical Ubuntu Linux 17.10
    cpe:2.3:o:canonical:ubuntu_linux:17.10
  • Debian Linux 7.0
    cpe:2.3:o:debian:debian_linux:7.0
CVSS
Base: 4.3
Impact:
Exploitability:
CWE CWE-125
CAPEC
  • Overread Buffers
    An adversary attacks a target by providing input that causes an application to read beyond the boundary of a defined buffer. This typically occurs when a value influencing where to start or stop reading is set to reflect positions outside of the valid memory location of the buffer. This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution.
nessus via4
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-3592-1.NASL
    description It was discovered that ClamAV incorrectly handled parsing certain PDF files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. (CVE-2018-0202) Hanno Bock discovered that ClamAV incorrectly handled parsing certain XAR files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service. (CVE-2018-1000085). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 107256
    published 2018-03-09
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107256
    title Ubuntu 14.04 LTS / 16.04 LTS / 17.10 : clamav vulnerabilities (USN-3592-1)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DLA-1307.NASL
    description Some vulnerabilities have been found in ClamAV, an open source antivirus engine : CVE-2018-0202 It was found that ClamAV didn't process certain PDF files correctly, relating to a heap overflow. Specially crafted PDFs could yield ClamAV to crash, resulting in a denial of service or potentially execution of arbitrary code. CVE-2018-1000085 Hanno Böck discovered that ClamAV didn't process XAR files correctly. Malformed XAR files could cause ClamAV to crash by an out of bounds heap read. This could result in a denial of service. For Debian 7 'Wheezy', these problems have been fixed in version 0.99.4+dfsg-1+deb7u1. We recommend that you upgrade your clamav packages. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-08-31
    plugin id 108415
    published 2018-03-19
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108415
    title Debian DLA-1307-1 : clamav security update
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0809-1.NASL
    description This update for clamav fixes the following issues: Security issues fixed : - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write (bsc#1045315). - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file (bsc#1052449). - CVE-2017-11423: A stack-based buffer over-read that can lead to a denial of service in mspack via a crafted CAB file (bsc#1049423). - CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in XAR parser that can lead to a denial of service (bsc#1082858). - CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code (bsc#1083915). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 108652
    published 2018-03-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108652
    title SUSE SLED12 / SLES12 Security Update : clamav (SUSE-SU-2018:0809-1)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-D2B08AA37F.NASL
    description Update to 0.99.4 0.99.4 addresses a few outstanding vulnerability bugs. It includes fixes for : - CVE-2012-6706 - CVE-2017-6419 - CVE-2017-11423 - CVE-2018-1000085 There are also a few bug fixes that were not assigned CVE’s, but were important enough to address while we had the chance. One of these was the notorious file descriptor exhaustion bug that caused outages late last January. In addition to the above, 0.99.4 fixes : - CVE-2018-0202: Two newly reported vulnerabilities in the PDF parsing code. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-03-14
    plugin id 108311
    published 2018-03-14
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108311
    title Fedora 26 : clamav (2018-d2b08aa37f)
  • NASL family SuSE Local Security Checks
    NASL id OPENSUSE-2018-314.NASL
    description This update for clamav fixes the following issues : Security issues fixed : - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write (bsc#1045315). - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file (bsc#1052449). - CVE-2017-11423: A stack-based buffer over-read that can lead to a denial of service in mspack via a crafted CAB file (bsc#1049423). - CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in XAR parser that can lead to a denial of service (bsc#1082858). - CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code (bsc#1083915). This update was imported from the SUSE:SLE-12:Update update project.
    last seen 2019-02-21
    modified 2018-03-27
    plugin id 108637
    published 2018-03-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108637
    title openSUSE Security Update : clamav (openSUSE-2018-314)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-201804-16.NASL
    description The remote host is affected by the vulnerability described in GLSA-201804-16 (ClamAV: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in ClamAV. Please review the CVE identifiers referenced below for details. Impact : A remote attacker, through multiple vectors, could execute arbitrary code, cause a Denial of Service condition, or have other unspecified impacts. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-06-07
    plugin id 109230
    published 2018-04-23
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=109230
    title GLSA-201804-16 : ClamAV: Multiple vulnerabilities
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2018-602B5345FA.NASL
    description Update to 0.99.4 0.99.4 addresses a few outstanding vulnerability bugs. It includes fixes for : - CVE-2012-6706 - CVE-2017-6419 - CVE-2017-11423 - CVE-2018-1000085 There are also a few bug fixes that were not assigned CVE’s, but were important enough to address while we had the chance. One of these was the notorious file descriptor exhaustion bug that caused outages late last January. In addition to the above, 0.99.4 fixes : - CVE-2018-0202: Two newly reported vulnerabilities in the PDF parsing code. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora update system website. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-03-07
    plugin id 107169
    published 2018-03-07
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=107169
    title Fedora 27 : clamav (2018-602b5345fa)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_SU-2018-0863-1.NASL
    description This update for clamav fixes the following issues: Security issues fixed : - CVE-2012-6706: VMSF_DELTA filter inside the unrar implementation allows an arbitrary memory write (bsc#1045315). - CVE-2017-6419: A heap-based buffer overflow that can lead to a denial of service in libmspack via a crafted CHM file (bsc#1052449). - CVE-2017-11423: A stack-based buffer over-read that can lead to a denial of service in mspack via a crafted CAB file (bsc#1049423). - CVE-2018-1000085: An out-of-bounds heap read vulnerability was found in XAR parser that can lead to a denial of service (bsc#1082858). - CVE-2018-0202: Fixed two vulnerabilities in the PDF parsing code (bsc#1083915). Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-12-01
    plugin id 108829
    published 2018-04-04
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108829
    title SUSE SLES11 Security Update : clamav (SUSE-SU-2018:0863-1)
  • NASL family Amazon Linux Local Security Checks
    NASL id ALA_ALAS-2018-976.NASL
    description Heap-based buffer overflow in mspack/lzxd.c mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. (CVE-2017-6419) Out-of-bounds access in the PDF parser (CVE-2018-0202) A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the 'DestPos' variable, which allows the attacker to write out of bounds when setting Mem[DestPos]. (CVE-2012-6706) ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. (CVE-2018-1000085) Stack-based buffer over-read in cabd_read_string function The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. (CVE-2017-11423)
    last seen 2019-02-21
    modified 2018-04-18
    plugin id 108601
    published 2018-03-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=108601
    title Amazon Linux AMI : clamav (ALAS-2018-976)
refmap via4
confirm
gentoo GLSA-201804-16
mlist [debian-lts-announce] 20180316 [SECURITY] [DLA 1307-1] clamav security update
ubuntu
  • USN-3592-1
  • USN-3592-2
Last major update 27-03-2018 - 05:29
Published 27-03-2018 - 05:29
Last modified 26-03-2019 - 12:02
Back to Top