cvedb.io
CVE-2018-1000085
MEDIUM · CVSS 5.5
EPSS exploitation probability: 0%
Published 2018-03-13T15:29:01.113 · Last modified 2026-06-17T01:32:23.700

Summary

ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This vulnerability appears to have been fixed in after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6.

Affected products

clamav — clamav

Does this affect you?

Add your gear to cvedb and we'll alert you only when clamav ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.