[ASA-201803-14] clamav: multiple issues
anthraxx at archlinux.org
Mon Mar 19 23:07:03 UTC 2018
Arch Linux Security Advisory ASA-201803-14
Date : 2018-03-18
CVE-ID : CVE-2012-6706 CVE-2017-6419 CVE-2017-11423 CVE-2018-0202
Package : clamav
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-602
The package clamav before version 0.99.4-1 is vulnerable to multiple
issues including arbitrary code execution and denial of service.
Upgrade to 0.99.4-1.
# pacman -Syu "clamav>=0.99.4-1"
The problems have been fixed upstream in version 0.99.4.
- CVE-2012-6706 (arbitrary code execution)
A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as
used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and
other products, that can lead to arbitrary code execution. An integer
overflow can be caused in DataSize+CurChannel. The result is a negative
value of the "DestPos" variable, which allows the attacker to write out
of bounds when setting Mem[DestPos].
- CVE-2017-6419 (arbitrary code execution)
mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV before 0.99.4,
allows remote attackers to cause a denial of service (heap-based buffer
overflow and application crash) or possibly execute arbitrary code via
a crafted CHM file.
- CVE-2017-11423 (denial of service)
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha,
as used in ClamAV before 0.99.4 and other products, allows remote
attackers to cause a denial of service (stack-based buffer over-read
and application crash) via a crafted CAB file.
- CVE-2018-0202 (arbitrary code execution)
A heap overflow has been discovered in ClamAv before 0.99.4 in
pdf_parse_string possibly leading to arbitrary code execution by
inspecting a specially crafted PDF file.
- CVE-2018-1000085 (denial of service)
A heap-based out-of-bounds read has been found in the xar_hash_check
function of the xar decoder of ClamAV before 0.99.4, leading to a
denial of service.
A remote attacker can cause a denial of service or execute arbitrary
code on the affected host by submitting a crafted file for inspection
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 866 bytes
Desc: OpenPGP digital signature
More information about the arch-security