Search CVE reports


Toggle filters

41 – 50 of 165 results


CVE-2018-18585

Medium priority

Some fixes available 4 of 5

chmd_read_headers in mspack/chmd.c in libmspack before 0.8alpha accepts a filename that has '\0' as its first or second character (such as the "/\0" name).

2 affected packages

clamav, libmspack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clamav Not affected Not affected Not affected Not affected Not affected
libmspack Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-18584

Medium priority
Fixed

In mspack/cab.h in libmspack before 0.8alpha and cabextract before 1.8, the CAB block input buffer is one byte too small for the maximal Quantum block, leading to an out-of-bounds write.

3 affected packages

cabextract, clamav, libmspack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
cabextract Not affected Not affected Not affected Not affected
clamav Not affected Not affected Not affected Not affected
libmspack Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-15378

Medium priority
Fixed

A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()"...

1 affected package

clamav

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clamav Fixed Fixed
Show less packages

CVE-2018-14682

Medium priority

Some fixes available 3 of 4

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.

2 affected packages

clamav, libmspack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clamav Not affected Not affected Not affected Not affected Not affected
libmspack Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-14681

Medium priority

Some fixes available 3 of 4

An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.

2 affected packages

clamav, libmspack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clamav Not affected Not affected Not affected Not affected Not affected
libmspack Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-14680

Medium priority

Some fixes available 3 of 4

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.

2 affected packages

clamav, libmspack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clamav Not affected Not affected Not affected Not affected Not affected
libmspack Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-14679

Medium priority

Some fixes available 3 of 4

An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and...

2 affected packages

clamav, libmspack

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clamav Not affected Not affected Not affected Not affected Not affected
libmspack Not affected Not affected Not affected Fixed Fixed
Show less packages

CVE-2018-0361

Medium priority

Some fixes available 3 of 4

ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.

1 affected package

clamav

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clamav Fixed Fixed
Show less packages

CVE-2018-0360

Medium priority

Some fixes available 3 of 4

ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.

1 affected package

clamav

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clamav Fixed Fixed
Show less packages

CVE-2018-0202

Medium priority
Fixed

clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper...

1 affected package

clamav

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
clamav Fixed
Show less packages