{"id":"MGASA-2018-0117","summary":"Updated clamav packages fix security vulnerability","details":"The ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to a lack of input validation checking mechanisms\nduring certain mail parsing operations (mbox.c operations on bounce\nmessages). If successfully exploited, the ClamAV software could allow a\nvariable pointing to the mail body which could cause a used after being\nfree (use-after-free) instance which may lead to a disruption of services\non an affected device to include a denial of service condition.\n(CVE-2017-12374)\n\nThe ClamAV AntiVirus software versions 0.99.2 and prior contain a\nvulnerability that could allow an unauthenticated, remote attacker to\ncause a denial of service (DoS) condition on an affected device. The\nvulnerability is due to a lack of input validation checking mechanisms\nduring certain mail parsing functions (the rfc2047 function in mbox.c). An\nunauthenticated, remote attacker could exploit this vulnerability by\nsending a crafted email to the affected device. This action could cause a\nbuffer overflow condition when ClamAV scans the malicious email, allowing\nthe attacker to potentially cause a DoS condition on an affected device.\n(CVE-2017-12375)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability\nthat could allow an unauthenticated, remote attacker to cause a denial of\nservice (DoS) condition or potentially execute arbitrary code on an affected\ndevice. The vulnerability is due to improper input validation checking\nmechanisms when handling Portable Document Format (.pdf) files sent to an\naffected device. An unauthenticated, remote attacker could exploit this\nvulnerability by sending a crafted .pdf file to an affected device. This\naction could cause a handle_pdfname (in pdf.c) buffer overflow when ClamAV\nscans the malicious file, allowing the attacker to cause a DoS condition\nor potentially execute arbitrary code. (CVE-2017-12376)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability\nthat could allow an unauthenticated, remote attacker to cause a denial of\nservice (DoS) condition or potentially execute arbitrary code on an affected\ndevice. The vulnerability is due to improper input validation checking\nmechanisms in mew packet files sent to an affected device. A successful\nexploit could cause a heap-based buffer over-read condition in mew.c when\nClamAV scans the malicious file, allowing the attacker to cause a DoS\ncondition or potentially execute arbitrary code on the affected device.\n(CVE-2017-12377)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability\nthat could allow an unauthenticated, remote attacker to cause a denial of\nservice (DoS) condition on an affected device. The vulnerability is due to\nimproper input validation checking mechanisms of .tar (Tape Archive) files\nsent to an affected device. A successful exploit could cause a checksum\nbuffer over-read condition when ClamAV scans the malicious .tar file,\npotentially allowing the attacker to cause a DoS condition on the affected\ndevice. (CVE-2017-12378)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability\nthat could allow an unauthenticated, remote attacker to cause a denial of\nservice (DoS) condition or potentially execute arbitrary code on an affected\ndevice. The vulnerability is due to improper input validation checking\nmechanisms in the message parsing function on an affected system. An\nunauthenticated, remote attacker could exploit this vulnerability by sending\na crafted email to the affected device. This action could cause a\nmessageAddArgument (in message.c) buffer overflow condition when ClamAV\nscans the malicious email, allowing the attacker to potentially cause a DoS\ncondition or execute arbitrary code on an affected device. (CVE-2017-12379)\n\nClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability\nthat could allow an unauthenticated, remote attacker to cause a denial of\nservice (DoS) condition on an affected device. The vulnerability is due to\nimproper input validation checking mechanisms in mbox.c during certain mail\nparsing functions of the ClamAV software. An unauthenticated, remote\nattacker could exploit this vulnerability by sending a crafted email to the\naffected device. An exploit could trigger a NULL pointer dereference\ncondition when ClamAV scans the malicious email, which may result in a DoS\ncondition. (CVE-2017-12380)\n","modified":"2026-02-04T02:36:54.239520Z","published":"2018-02-06T06:25:44Z","related":["CVE-2017-12374","CVE-2017-12375","CVE-2017-12376","CVE-2017-12377","CVE-2017-12378","CVE-2017-12379","CVE-2017-12380"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2018-0117.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=22482"},{"type":"REPORT","url":"https://lists.opensuse.org/opensuse-updates/2018-01/msg00106.html"},{"type":"REPORT","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/thread/L2ULSX6GBGUOCP4V67LMFVR2C7DKKXCU/"}],"affected":[{"package":{"name":"clamav","ecosystem":"Mageia:6","purl":"pkg:rpm/mageia/clamav?arch=source&distro=mageia-6"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.99.3-1.mga6"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2018-0117.json"}}],"schema_version":"1.7.3","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}