CVE-2018-0202 (retired)

Priority
Description
clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow
an unauthenticated, remote attacker to cause a denial of service (DoS)
condition on an affected device. The vulnerability is due to improper input
validation when handling Portable Document Format
(.pdf) files sent to an affected device. An unauthenticated, remote
attacker could exploit this vulnerability by sending a crafted .pdf file to
an affected device. This action could cause an out-of-bounds read when
ClamAV scans the malicious file, allowing the attacker to cause a DoS
condition. The affected functions are pdf_parse_array and pdf_parse_string in
libclamav/pdfng.c. Cisco Bug IDs: CSCvh91380, CSCvh91400.
Assigned-to
mdeslaur

Updated: 2019-03-26 12:26:46 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)