{"id":"CVE-2018-0360","details":"ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.","modified":"2026-04-02T00:21:34.101692Z","published":"2018-07-16T17:29:00.283Z","related":["MGASA-2018-0317","SUSE-SU-2018:2230-1","SUSE-SU-2018:2232-1","SUSE-SU-2018:2323-1","SUSE-SU-2018:2323-2","openSUSE-SU-2024:10685-1"],"references":[{"type":"ADVISORY","url":"https://usn.ubuntu.com/3722-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3722-2/"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1041367"},{"type":"ADVISORY","url":"https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/08/msg00020.html"},{"type":"ADVISORY","url":"https://secuniaresearch.flexerasoftware.com/secunia_research/2018-12/"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201904-12"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cisco-talos/clamav","events":[{"introduced":"0"},{"fixed":"dab42eb26e76376341882077ce01449989051a95"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"0.100.1"}]}}],"versions":["0.93.3","0.94.1rc1","CLAMAV_090RC1","CLAMAV_090RC2","CLAMAV_090RC3","CLAMAV_0_70","CLAMAV_0_71","CLAMAV_0_80","CLAMAV_0_80RC","CLAMAV_0_80RC1","CLAMAV_0_80RC3","CLAMAV_0_80RC4","CLAMAV_0_81","CLAMAV_0_84RC1","clamav-0.100-beta","clamav-0.100.0","clamav-0.100.0-rc","clamav-0.101.0","clamav-0.101.0-beta","clamav-0.101.0-rc","clamav-0.101.1","clamav-0.101.2","clamav-0.101.3","clamav-0.101.4","clamav-0.101.5","clamav-0.102.0","clamav-0.102.0-beta","clamav-0.102.0-rc","clamav-0.102.1","clamav-0.102.2","clamav-0.102.3","clamav-0.102.4","clamav-0.103.0","clamav-0.103.0-rc","clamav-0.103.0-rc2","clamav-0.103.1","clamav-0.103.10","clamav-0.103.11","clamav-0.103.12","clamav-0.103.2","clamav-0.103.3","clamav-0.103.4","clamav-0.103.5","clamav-0.103.6","clamav-0.103.7","clamav-0.103.8","clamav-0.103.9","clamav-0.104.0","clamav-0.104.0-rc2","clamav-0.104.1","clamav-0.104.2","clamav-0.104.3","clamav-0.104.4","clamav-0.105.0","clamav-0.105.0-rc","clamav-0.105.0-rc2","clamav-0.105.1","clamav-0.105.2","clamav-0.82","clamav-0.83","clamav-0.90.1","clamav-0.91","clamav-0.91rc2","clamav-0.92","clamav-0.92_sf","clamav-0.92rc1","clamav-0.92rc2","clamav-0.93","clamav-0.93.1rc1","clamav-0.94","clamav-0.94.1","clamav-0.94.1rc1","clamav-0.94.2","clamav-0.94rc1","clamav-0.95","clamav-0.95.1","clamav-0.95.2","clamav-0.95.3","clamav-0.95rc1","clamav-0.95rc2","clamav-0.96","clamav-0.96.1","clamav-0.96.2","clamav-0.96.3","clamav-0.96.4","clamav-0.96.5","clamav-0.96rc1","clamav-0.96rc2","clamav-0.97","clamav-0.97.1","clamav-0.97.2","clamav-0.97.3","clamav-0.97.4","clamav-0.97.5","clamav-0.97.6","clamav-0.97.7","clamav-0.97.8","clamav-0.97rc","clamav-0.98","clamav-0.98-dmgxar","clamav-0.98.1","clamav-0.98.1rc","clamav-0.98.2","clamav-0.98.3","clamav-0.98.4","clamav-0.98.4-rc1","clamav-0.98.5","clamav-0.98.5-rc1","clamav-0.98.5-rc2","clamav-0.98.5beta","clamav-0.98.6","clamav-0.98.7","clamav-0.98rc","clamav-0.98rc2","clamav-0.99","clamav-0.99-beta1","clamav-0.99-beta2","clamav-0.99-rc1","clamav-0.99-rc2","clamav-0.99.1","clamav-0.99.1-beta1","clamav-0.99.2","clamav-0.99.3","clamav-0.99.3-beta1","clamav-0.99.3-beta2","clamav-0.99.4","clamav-1.0.0","clamav-1.0.0-rc","clamav-1.0.0-rc2","clamav-1.0.1","clamav-1.0.2","clamav-1.0.3","clamav-1.0.4","clamav-1.0.5","clamav-1.0.6","clamav-1.0.7","clamav-1.0.8","clamav-1.0.9","clamav-1.1.0","clamav-1.1.0-rc","clamav-1.1.1","clamav-1.1.2","clamav-1.1.3","clamav-1.2.0","clamav-1.2.0-rc","clamav-1.2.1","clamav-1.2.2","clamav-1.2.3","clamav-1.3.0","clamav-1.3.0-rc","clamav-1.3.0-rc2","clamav-1.3.1","clamav-1.3.2","clamav-1.4.0","clamav-1.4.0-rc","clamav-1.4.1","clamav-1.4.2","clamav-1.4.3","clamav-1.4.4","clamav-1.5.0","clamav-1.5.0-beta","clamav-1.5.0-rc","clamav-1.5.1","clamav-1.5.2","clamav-20080204","merge-llvm-79908","merge-llvm-80601","merge-llvm-83242","merge-llvm-90002","merge-llvm-91214","merge-llvm-91428","merge-llvm-92222","merge-llvm-94539","merge-llvm-97877","r5076","start","test_prefilter_enable","test_prefilter_enable2","test_prefiltering_disable"],"database_specific":{"unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"18.04"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2018-0360.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}