A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.
2018-10-15T17:29:00.677
2024-11-21T03:50:39.617
Modified
CVSSv3.0: 5.5 (MEDIUM)
AV:N/AC:M/Au:N/C:N/I:N/A:P
8.6
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Application | clamav | clamav | < 0.100.2 | Yes |
Operating System | debian | debian_linux | 8.0 | Yes |
Operating System | canonical | ubuntu_linux | 12.04 | Yes |
Operating System | canonical | ubuntu_linux | 14.04 | Yes |
Operating System | canonical | ubuntu_linux | 16.04 | Yes |
Operating System | canonical | ubuntu_linux | 18.04 | Yes |