{"id":"CVE-2018-1000085","details":"ClamAV version 0.99.3 contains an out-of-bounds heap memory read vulnerability in the XAR parser, in function xar_hash_check(), that can result in leaking of memory, which may help in developing exploit chains. This attack appears to be exploitable when the victim scans a crafted XAR file. This vulnerability appears to have been fixed after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6.","modified":"2026-04-16T01:40:44.450043993Z","published":"2018-03-13T15:29:01.113Z","related":["SUSE-SU-2018:0809-1","SUSE-SU-2018:0863-1","SUSE-SU-2018:2323-1","SUSE-SU-2018:2323-2","openSUSE-SU-2024:10685-1"],"references":[{"type":"ADVISORY","url":"http://www.openwall.com/lists/oss-security/2017/09/29/4"},{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00011.html"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201804-16"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3592-1/"},{"type":"ADVISORY","url":"https://usn.ubuntu.com/3592-2/"},{"type":"REPORT","url":"http://www.openwall.com/lists/oss-security/2017/09/29/4"},{"type":"FIX","url":"http://www.openwall.com/lists/oss-security/2017/09/29/4"},{"type":"FIX","url":"https://github.com/Cisco-Talos/clamav-devel/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6"},{"type":"ARTICLE","url":"http://www.openwall.com/lists/oss-security/2017/09/29/4"},{"type":"ARTICLE","url":"https://lists.debian.org/debian-lts-announce/2018/03/msg00011.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/cisco-talos/clamav","events":[{"introduced":"0"},{"fixed":"d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6"}]}],"versions":["clamav-0.96","clamav-0.96.2","clamav-0.96.3","clamav-0.96.4","clamav-0.96.5","clamav-0.96rc1","clamav-0.96rc2","clamav-0.97","clamav-0.97rc","clamav-0.98-dmgxar","clamav-0.99-beta1","merge-llvm-79908","merge-llvm-80601","merge-llvm-83242","merge-llvm-90002","merge-llvm-91214","merge-llvm-91428","merge-llvm-92222","merge-llvm-94539","merge-llv
m-97877","r5076"],"database_specific":{"vanir_signatures":[{"signature_type":"Function","deprecated":false,"id":"CVE-2018-1000085-015effc0","target":{"function":"cli_scanxar","file":"libclamav/xar.c"},"digest":{"length":10960,"function_hash":"302437638560747696844139406282562986575"},"source":"https://github.com/cisco-talos/clamav/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6","signature_version":"v1"},{"signature_type":"Line","deprecated":false,"id":"CVE-2018-1000085-5d738bd3","target":{"file":"libclamav/xar.c"},"digest":{"threshold":0.9,"line_hashes":[]},"source":"https://github.com/cisco-talos/clamav/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6","signature_version":"v1"},{"id":"CVE-2018-1000085-6c316faf","deprecated":false,"source":"https://github.com/cisco-talos/clamav/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6","target":{"function":"xar_hash_check","file":"libclamav/xar.c"},"digest":{"length":366,"function_hash":"95308915133599037269234113442706052026"},"signature_version":"v1","signature_type":"Function"},{"digest":{"length":1141,"function_hash":"201022414640066503712727692343796089791"},"deprecated":false,"source":"https://github.com/cisco-talos/clamav/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6","target":{"function":"xar_get_checksum_values","file":"libclamav/xar.c"},"id":"CVE-2018-1000085-7f19ccaa","signature_version":"v1","signature_type":"Function"},{"source":"https://github.com/cisco-talos/clamav/commit/d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6","deprecated":false,"id":"CVE-2018-1000085-a4b2d293","target":{"function":"xar_get_numeric_from_xml_element","file":"libclamav/xar.c"},"digest":{"length":450,"function_hash":"238582205779040363762247100474330748160"},"signature_version":"v1","signature_type":"Function"}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-1000085.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H"}]}