Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
9.8
CVSSv3

CVE-2017-12377

Published: 26/01/2018 Updated: 03/10/2019
CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 890
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Subscribe to Debian Linux

Vulnerability Summary

ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote malicious user to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap-based buffer over-read condition in mew.c when ClamAV scans the malicious file, allowing the malicious user to cause a DoS condition or potentially execute arbitrary code on the affected device.

Vulnerable Product Search on Vulmon Subscribe to Product

debian debian linux 7.0

clamav clamav

Vendor Advisories

Debian CVElist Bug Report Logs: clamav: Security release 0.99.3 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380)
Debian Bug report logs - #888484 clamav: Security release 0993 available (CVE-2017-12374 CVE-2017-12375 CVE-2017-12376 CVE-2017-12377 CVE-2017-12378 CVE-2017-12379 CVE-2017-12380) Package: clamav; Maintainer for clamav is ClamAV Team <pkg-clamav-devel@listsaliothdebianorg>; Source for clamav is src:clamav (PTS, buildd, popcon) ...
Ubuntu Security Notice: clamav vulnerabilities
Several security issues were fixed in ClamAV ...
Ubuntu Security Notice: clamav vulnerabilities
Several security issues were fixed in ClamAV ...
Amazon Linux AMI: ALAS-2018-958
Heap-based buffer overflow in mspack/lzxdc:mspack/lzxdc in libmspack 05alpha, as used in ClamAV 0992, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file(CVE-2017-6419) The wwunpack function in libclamav/wwunpackc in ClamAV 0 ...
Arch Linux Issues:
ClamAV AntiVirus software versions 0992 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected d ...

References

CWE-125https://bugzilla.clamav.net/show_bug.cgi?id=11943http://blog.clamav.net/2018/01/clamav-0993-has-been-released.htmlhttps://lists.debian.org/debian-lts-announce/2018/01/msg00035.htmlhttps://usn.ubuntu.com/3550-2/https://usn.ubuntu.com/3550-1/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888484https://nvd.nist.govhttps://usn.ubuntu.com/3550-2/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27975CVE-2024-2961CVE-2024-20380XML injectionHTML injectionCVE-2024-29204CVE-2023-51795memory leakCVE-2024-3470
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook