View | Details | Raw Unified | Return to bug 231924
Collapse All | Expand All

(-)vuln.xml (+57 lines)
Lines 58-63 Link Here
58 
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
 58 
  * Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
59 
-->
 59 
-->
60 
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
 60 
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
61 
  <vuln vid="8b812395-c739-11e8-ab5b-9c5c8e75236a">
62 
    <topic>clamav -- multiple vulnerabilities</topic>
63 
    <affects>
64 
      <package>
65 
	<name>clamav</name>
66 
	<range><lt>0.100.2</lt></range>
67 
      </package>
68 
    </affects>
69 
    <description>
70 
      <body xmlns="http://www.w3.org/1999/xhtml">
71 
	<p> Joel Esler reports:</p>
72 
	<blockquote cite="https://blog.clamav.net/2018/10/clamav-01002-has-been-released.html">
73 
	  <ul>
74 
	    <li>CVE-2018-15378:
75 
	      <ul>
76 
		<li>Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.</li>
77 
		<li>Reported by Secunia Research at Flexera.</li>
78 
	      </ul>
79 
	    </li>
80 
	    <li>Fix for a 2-byte buffer over-read bug in ClamAV&amp;s PDF parsing code.
81 
	      <ul>
82 
		<li>Reported by Alex Gaynor.</li>
83 
	      </ul>
84 
	    </li>
85 
	    <li>CVE-2018-14680:
86 
	      <ul>
87 
		<li>An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.</li>
88 
	      </ul>
89 
	    </li>
90 
	    <li>CVE-2018-14681:
91 
	      <ul>
92 
		<li>An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.</li>
93 
	      </ul>
94 
	    </li>
95 
	    <li>CVE-2018-14682:
96 
	      <ul>
97 
		<li>An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. Additionally, 0.100.2 reverted 0.100.1's patch for CVE-2018-14679, and applied libmspack's version of the fix in its place.</li>
98 
	      </ul>
99 
	    </li>
100 
	  </ul>
101 
	  <p>.</p>
102 
	</blockquote>
103 
      </body>
104 
    </description>
105 
    <references>
106 
      <url>https://blog.clamav.net/2018/10/clamav-01002-has-been-released.html</url>
107 
      <cvename>CVE-2018-15378</cvename>
108 
      <cvename>CVE-2018-14680</cvename>
109 
      <cvename>CVE-2018-14681</cvename>
110 
      <cvename>CVE-2018-14682</cvename>
111 
    </references>
112 
    <dates>
113 
      <discovery>2018-10-03</discovery>
114 
      <entry>2018-10-03</entry>
115 
    </dates>
116 
  </vuln>
117 

            

        

          61
          
  <vuln vid="c4f39920-781f-4aeb-b6af-17ed566c4272">

          118
          
  <vuln vid="c4f39920-781f-4aeb-b6af-17ed566c4272">

        

        

          62
          
    <topic>mozilla -- multiple vulnerabilities</topic>

          119
          
    <topic>mozilla -- multiple vulnerabilities</topic>

        

        

          63
          
    <affects>

          120
          
    <affects>

        






  

  Return to bug 231924