FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

clamav -- multiple vulnerabilities

Affected packages
		clamav	<	0.100.1

Details

VuXML ID	d1e9d8c5-839b-11e8-9610-9c5c8e75236a
Discovery	2018-07-09
Entry	2018-07-09

Joel Esler reports:

3 security fixes in this release:

CVE-2017-16932: Vulnerability in libxml2 dependency (affects ClamAV on Windows only).

CVE-2018-0360: HWP integer overflow, infinite loop vulnerability. Reported by Secunia Research at Flexera.

CVE-2018-0361: ClamAV PDF object length check, unreasonably long time to parse relatively small file. Report ed by aCaB.

[source]

References

CVE Name	CVE-2017-16932
CVE Name	CVE-2018-0360
CVE Name	CVE-2018-0361
URL	https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html