SB2018030634 - Out-of-bounds read in clamav (Alpine package)
Published: March 6, 2018
Security Bulletin ID: SB2018030634
Severity: Low
Patch available: YES
Number of vulnerabilities: 1
Exploitation vector: Remote access
Highest impact: Denial of service
Description
This security bulletin contains information about 1 security vulnerability.
1) Out-of-bounds read (CVE-ID: CVE-2018-0202)
The vulnerability allows a remote attacker to cause a DoS condition on the target system. The weakness exists due to improper input validation when handling Portable Document Format files. A remote attacker can send a specially crafted .pdf file, trigger an out-of-bounds read and cause the service to crash.
Remediation
Install the update from the vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=271f0c5a69090b247eb2e7dcf3297272c5e557d6
- https://git.alpinelinux.org/aports/commit/?id=46ab307937563eeb8acb82c3fa85fc67c712ec7f
- https://git.alpinelinux.org/aports/commit/?id=b4b20e148bb4cc6d70c787ff565bbc1dc3c33b95
- https://git.alpinelinux.org/aports/commit/?id=daeca7a60515632355e7380ea79af439a01e2bb1
- https://git.alpinelinux.org/aports/commit/?id=39811d78329ec562d9254e27716bacc363c40d72