Index: vuln.xml =================================================================== --- vuln.xml (revision 481153) +++ vuln.xml (working copy) @@ -58,6 +58,63 @@ * Do not forget port variants (linux-f10-libxml2, libxml2, etc.) --> + + clamav -- multiple vulnerabilities + + + clamav + 0.100.2 + + + + +

Joel Esler reports:

+
+
CVE-2018-15378: +
+
Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
+
Reported by Secunia Research at Flexera.
+
+
+
Fix for a 2-byte buffer over-read bug in ClamAV&s PDF parsing code. +
+
Reported by Alex Gaynor.
+
+
+
CVE-2018-14680: +
+
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
+
+
+
CVE-2018-14681: +
+
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
+
+
+
CVE-2018-14682: +
+
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. Additionally, 0.100.2 reverted 0.100.1's patch for CVE-2018-14679, and applied libmspack's version of the fix in its place.
+
+
+
+
.
+

+ + + + https://blog.clamav.net/2018/10/clamav-01002-has-been-released.html + CVE-2018-15378 + CVE-2018-14680 + CVE-2018-14681 + CVE-2018-14682 + + + 2018-10-03 + 2018-10-03 + + + mozilla -- multiple vulnerabilities