{"id":"USN-3722-3","summary":"clamav regression","details":"USN-3722-1 fixed vulnerabilities in ClamAV. The updated ClamAV version\nremoved some configuration options which caused the daemon to fail to start\nin environments where the ClamAV configuration file was manually edited.\nThis update fixes the problem.\n\nWe apologize for the inconvenience.\n\nOriginal advisory details:\n\n It was discovered that ClamAV incorrectly handled parsing certain HWP\n files. A remote attacker could use this issue to cause ClamAV to hang,\n resulting in a denial of service. (CVE-2018-0360)\n \n It was discovered that ClamAV incorrectly handled parsing certain PDF\n files. A remote attacker could use this issue to cause ClamAV to hang,\n resulting in a denial of service. (CVE-2018-0361)\n","modified":"2026-04-22T09:48:22.990557Z","published":"2018-07-26T15:48:37Z","references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-3722-3"},{"type":"REPORT","url":"https://launchpad.net/bugs/1783632"}],"affected":[{"package":{"name":"clamav","ecosystem":"Ubuntu:14.04:LTS","purl":"pkg:deb/ubuntu/clamav@0.100.1+dfsg-1ubuntu0.14.04.2?arch=source&distro=trusty"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.100.1+dfsg-1ubuntu0.14.04.2"}]}],"versions":["0.97.8+dfsg-1ubuntu4","0.97.8+dfsg-1ubuntu5","0.98.1+dfsg-1ubuntu4","0.98.1+dfsg-1ubuntu5","0.98.1+dfsg-2ubuntu2","0.98.1+dfsg-4ubuntu1","0.98.1+dfsg-4ubuntu1.1","0.98.5+addedllvm-0ubuntu0.14.04.1","0.98.6+dfsg-0ubuntu0.14.04.1","0.98.7+dfsg-0ubuntu0.14.04.1","0.99.2+addedllvm-0ubuntu0.14.04.1","0.99.2+addedllvm-0ubuntu0.14.04.2","0.99.3+addedllvm-0ubuntu0.14.04.1","0.99.4+addedllvm-0ubuntu0.14.04.1","0.100.1+dfsg-1ubuntu0.14.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"clamav","binary_version":"0.100.1+dfsg-1ubuntu0.14.04.2"},{"binary_name":"clamav-base","binary_version":"0.100.1+dfsg-1ubuntu0.14.04.2"},{"binary_name":"clamav-daemon","binary_version":"0.100.1+dfsg-1ubuntu0.14.04.2"},{"binary_name":"clamav-docs","binary_version":"0.100.1+dfsg-1ubuntu0.14.04.2"},{"binary_name":"clamav-freshclam","binary_version":"0.100.1+dfsg-1ubuntu0.14.04.2"},{"binary_name":"clamav-milter","binary_version":"0.100.1+dfsg-1ubuntu0.14.04.2"},{"binary_name":"clamav-testfiles","binary_version":"0.100.1+dfsg-1ubuntu0.14.04.2"},{"binary_name":"libclamav7","binary_version":"0.100.1+dfsg-1ubuntu0.14.04.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3722-3.json","cves_map":{"ecosystem":"Ubuntu:14.04:LTS","cves":[]}}},{"package":{"name":"clamav","ecosystem":"Ubuntu:16.04:LTS","purl":"pkg:deb/ubuntu/clamav@0.100.1+dfsg-1ubuntu0.16.04.2?arch=source&distro=xenial"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.100.1+dfsg-1ubuntu0.16.04.2"}]}],"versions":["0.98.7+dfsg-0ubuntu4","0.98.7+dfsg-0ubuntu5","0.99+dfsg-1ubuntu1","0.99+dfsg-1ubuntu1.1","0.99+dfsg-1ubuntu1.2","0.99.2+dfsg-0ubuntu0.16.04.1","0.99.2+dfsg-0ubuntu0.16.04.2","0.99.2+dfsg-0ubuntu0.16.04.3","0.99.3+addedllvm-0ubuntu0.16.04.1","0.99.4+addedllvm-0ubuntu0.16.04.1","0.100.1+dfsg-1ubuntu0.16.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"clamav","binary_version":"0.100.1+dfsg-1ubuntu0.16.04.2"},{"binary_name":"clamav-base","binary_version":"0.100.1+dfsg-1ubuntu0.16.04.2"},{"binary_name":"clamav-daemon","binary_version":"0.100.1+dfsg-1ubuntu0.16.04.2"},{"binary_name":"clamav-docs","binary_version":"0.100.1+dfsg-1ubuntu0.16.04.2"},{"binary_name":"clamav-freshclam","binary_version":"0.100.1+dfsg-1ubuntu0.16.04.2"},{"binary_name":"clamav-milter","binary_version":"0.100.1+dfsg-1ubuntu0.16.04.2"},{"binary_name":"clamav-testfiles","binary_version":"0.100.1+dfsg-1ubuntu0.16.04.2"},{"binary_name":"clamdscan","binary_version":"0.100.1+dfsg-1ubuntu0.16.04.2"},{"binary_name":"libclamav7","binary_version":"0.100.1+dfsg-1ubuntu0.16.04.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3722-3.json","cves_map":{"ecosystem":"Ubuntu:16.04:LTS","cves":[]}}},{"package":{"name":"clamav","ecosystem":"Ubuntu:18.04:LTS","purl":"pkg:deb/ubuntu/clamav@0.100.1+dfsg-1ubuntu0.18.04.2?arch=source&distro=bionic"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"0.100.1+dfsg-1ubuntu0.18.04.2"}]}],"versions":["0.99.2+dfsg-6ubuntu2","0.99.3~beta1+dfsg-2ubuntu1","0.99.3~beta1+dfsg-2ubuntu2","0.99.3+addedllvm-0ubuntu1","0.99.3+addedllvm-0ubuntu2","0.99.4+addedllvm-0ubuntu1","0.100.1+dfsg-1ubuntu0.18.04.1"],"ecosystem_specific":{"availability":"No subscription required","binaries":[{"binary_name":"clamav","binary_version":"0.100.1+dfsg-1ubuntu0.18.04.2"},{"binary_name":"clamav-base","binary_version":"0.100.1+dfsg-1ubuntu0.18.04.2"},{"binary_name":"clamav-daemon","binary_version":"0.100.1+dfsg-1ubuntu0.18.04.2"},{"binary_name":"clamav-docs","binary_version":"0.100.1+dfsg-1ubuntu0.18.04.2"},{"binary_name":"clamav-freshclam","binary_version":"0.100.1+dfsg-1ubuntu0.18.04.2"},{"binary_name":"clamav-milter","binary_version":"0.100.1+dfsg-1ubuntu0.18.04.2"},{"binary_name":"clamav-testfiles","binary_version":"0.100.1+dfsg-1ubuntu0.18.04.2"},{"binary_name":"clamdscan","binary_version":"0.100.1+dfsg-1ubuntu0.18.04.2"},{"binary_name":"libclamav7","binary_version":"0.100.1+dfsg-1ubuntu0.18.04.2"}]},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-3722-3.json","cves_map":{"ecosystem":"Ubuntu:18.04:LTS","cves":[]}}}],"schema_version":"1.7.5"}