SB2018071413 - Improper input validation in clamav (Alpine package)
Published: July 14, 2018
Security Bulletin ID
SB2018071413
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Improper input validation (CVE-ID: CVE-2018-0361)
The vulnerability allows a remote attacker to cause DoS condition on the target system.
The vulnerability exists due to a flaw when handling malicious input. A remote attacker can trick the victim into opening a specially crafted file, trigger a PDF object length check error and cause the service to crash.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=1e7eec478d53d671eb7faf3c64e6bfe8e540877b
- https://git.alpinelinux.org/aports/commit/?id=2437dee3d74caf1a16e8331977ec836716b5bd3c
- https://git.alpinelinux.org/aports/commit/?id=d87903ef0e2c9558f9ca6a23af7eb28438a10ccf
- https://git.alpinelinux.org/aports/commit/?id=540c3721c297fd86200a7518c76e7f8a5b51a83b
- https://git.alpinelinux.org/aports/commit/?id=90552e261c77a65b5d25b9f935af4236ea1e08c1