Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
4.3
CVSSv2

CVE-2018-15378

Published: 15/10/2018 Updated: 09/10/2019
CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6
CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8
VMScore: 383
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Subscribe to Clamav

Vulnerability Summary

A vulnerability in ClamAV versions before 0.100.2 could allow an malicious user to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

clamav clamav

debian debian linux 8.0

canonical ubuntu linux 12.04

canonical ubuntu linux 16.04

canonical ubuntu linux 14.04

canonical ubuntu linux 18.04

Vendor Advisories

Debian CVElist Bug Report Logs: clamav: CVE-2018-15378: denial-of-service in MEW unpacking feature
Debian Bug report logs - #910430 clamav: CVE-2018-15378: denial-of-service in MEW unpacking feature Package: src:clamav; Maintainer for src:clamav is ClamAV Team <pkg-clamav-devel@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Sat, 6 Oct 2018 07:21:02 UTC Severity: important Ta ...
Ubuntu Security Notice: clamav vulnerabilities
ClamAV could be made to crash if it opened a specially crafted file ...
Ubuntu Security Notice: clamav vulnerability
ClamAV could be made to crash if it opened a specially crafted file ...
Amazon Linux AMI: ALAS-2019-1146
An issue was discovered in kwajd_read_headers in mspack/kwajdc in libmspack before 07alpha Bad KWAJ file header extensions could cause a one or two byte overwrite(CVE-2018-14681) An issue was discovered in mspack/chmdc in libmspack before 07alpha There is an off-by-one error in the TOLOWER() macro for CHM decompression(CVE-2018-14682) An is ...

References

CWE-125https://secuniaresearch.flexerasoftware.com/advisories/83000/https://bugzilla.clamav.net/show_bug.cgi?id=12170https://usn.ubuntu.com/3789-1/https://usn.ubuntu.com/3789-2/https://lists.debian.org/debian-lts-announce/2018/10/msg00014.htmlhttps://www.flexera.com/company/secunia-research/advisories/SR-2018-23.htmlhttps://security.gentoo.org/glsa/201904-12https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910430https://nvd.nist.govhttps://usn.ubuntu.com/3789-2/
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-27322CVE-2006-4304wirelessCVE-2023-23022local file inclusionCVE-2024-27058CVE-2024-33820open redirectCVE-2024-27079
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook