CVE-2018-15378

Name: CVE-2018-15378
Creator: NVD / NIST
Published: 2018-10-15T17:29:00.677+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 1.31%

Last modified Jun 17, 2026

CVE-2018-15378 is a vulnerability of currently unknown severity. A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.. EPSS estimates a 1.31% chance of exploitation in the next 30 days.

Description

A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.

Metrics

EPSS Probability

1.31%

67.1th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

Affected Software

Vendor	Product	Versions
Clamav	Clamav	< 0.100.2
Debian	Debian Linux	8.0
Canonical	Ubuntu Linux	12.04
Canonical	Ubuntu Linux	14.04
Canonical	Ubuntu Linux	16.04
Canonical	Ubuntu Linux	18.04

References

https://bugzilla.clamav.net/show_bug.cgi?id=12170Issue Tracking, Patch, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/10/msg00014.htmlMailing List, Third Party Advisory
https://secuniaresearch.flexerasoftware.com/advisories/83000/Permissions Required, Third Party Advisory
https://security.gentoo.org/glsa/201904-12Third Party Advisory
https://usn.ubuntu.com/3789-1/Third Party Advisory
https://usn.ubuntu.com/3789-2/Third Party Advisory
https://www.flexera.com/company/secunia-research/advisories/SR-2018-23.htmlThird Party Advisory
https://bugzilla.clamav.net/show_bug.cgi?id=12170Issue Tracking, Patch, Third Party Advisory
https://lists.debian.org/debian-lts-announce/2018/10/msg00014.htmlMailing List, Third Party Advisory
https://secuniaresearch.flexerasoftware.com/advisories/83000/Permissions Required, Third Party Advisory
https://security.gentoo.org/glsa/201904-12Third Party Advisory
https://usn.ubuntu.com/3789-1/Third Party Advisory
https://usn.ubuntu.com/3789-2/Third Party Advisory
https://www.flexera.com/company/secunia-research/advisories/SR-2018-23.htmlThird Party Advisory

Timeline

Published: Oct 15, 2018
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2018-15378?

How severe is CVE-2018-15378?

Severity scoring for CVE-2018-15378 is pending analysis. The EPSS model estimates a 1.31% probability of exploitation in the next 30 days.

How do I fix CVE-2018-15378?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2018-15378?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST