VYPR
← All advisories
Unrated severityNVD Advisory· Published Feb 3, 2015· Updated May 6, 2026

CVE-2015-1461

CVE-2015-1461

Description

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

ClamAV before 0.98.6 has a heap out-of-bounds condition in Yoda's crypter and mew packer parsing, enabling remote attackers to cause unspecified impact via crafted files.

Vulnerability

A heap out-of-bounds condition exists in ClamAV versions before 0.98.6 when parsing crafted Yoda's crypter or mew packer files. This allows a remote attacker to trigger memory corruption via specially crafted files.

Exploitation

An attacker can send a crafted Yoda's crypter or mew packer file to a system running ClamAV scanning. No authentication is required; the file only needs to be scanned by ClamAV.

Impact

Successful exploitation can lead to unspecified impact, potentially including denial of service or arbitrary code execution.

Mitigation

Upgrade to ClamAV 0.98.6 or later, which includes fixes for these heap out-of-bounds conditions [1][4].

References
  1. ClamAV 0.98.6 has been released!
  2. Multiple vulnerabilities (GLSA 201512-08) — Gentoo security

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

8

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

8

News mentions

0

No linked articles in our index yet.