Skip to main content

Clamav CVE-2018-0360

MEDIUM
Integer Overflow or Wraparound (CWE-190)
2018-07-16 psirt@cisco.com
5.5
CVSS 3.0 · NVD
Share

Severity by source

NVD PRIMARY
5.5 MEDIUM
AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Jul 16, 2018 - 17:29 nvd
MEDIUM 5.5

DescriptionNVD

ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.

AnalysisAI

ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified as Integer Overflow (CWE-190), which allows attackers to cause unexpected behavior through arithmetic overflow. ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c. Affected products include: Clamav, Canonical Ubuntu Linux, Debian Debian Linux. Version information: before 0.100.1.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate arithmetic operations, use safe integer libraries, check bounds before allocation.

More in Clamav

View all
CVE-2012-1459 MEDIUM
4.3 Mar 21

The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7,

CVE-2012-1457 MEDIUM
4.3 Mar 21

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast!. Rated medium severity (CVSS 4.3), t

CVE-2012-1443 MEDIUM
4.3 Mar 21

The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVir

CVE-2014-9050 MEDIUM POC
5.0 Dec 01

Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers

CVE-2025-20260 CRITICAL
9.8 Jun 18

A remote code execution vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated (CVSS 9.8).

CVE-2014-9328 HIGH
7.5 Feb 03

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "h

CVE-2023-20032 CRITICAL
9.8 Mar 01

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ p

CVE-2016-1372 MEDIUM POC
5.5 Oct 03

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a

CVE-2016-1371 MEDIUM POC
5.5 Oct 03

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a

CVE-2019-1798 MEDIUM POC
5.5 Apr 08

A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions

CVE-2019-1788 MEDIUM POC
5.5 Apr 08

A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software

CVE-2019-1787 MEDIUM POC
5.5 Apr 08

A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software version

Share

CVE-2018-0360 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy