CVE-2018-0360

Summary

ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.

Affected Software

VendorProductVersion RangeStatus
n/aClamAV before 0.100.1 unknownClamAV before 0.100.1 unknownaffected

Weaknesses

  • integer overflow

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References