CVE-2015-1463
Description
ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ClamAV before 0.98.6 crashes when scanning a crafted petite packer file due to an incorrect compiler optimization, enabling remote denial of service.
Vulnerability
ClamAV versions prior to 0.98.6 contain a denial-of-service vulnerability in the petite packer file handler. A crafted petite packer file triggers an incorrect compiler optimization, causing a crash. The issue was discovered by Sebastian Andrzej Siewior and is fixed in ClamAV 0.98.6 [1].
Exploitation
An attacker can exploit this vulnerability by sending a specially crafted petite packer file to a system running an affected ClamAV version. No authentication or special privileges are required; the file only needs to be scanned by ClamAV, for example via an email gateway or on-demand scanning.
Impact
Successful exploitation causes ClamAV to crash, resulting in a denial of service. No other impacts (such as code execution or information disclosure) have been reported.
Mitigation
Upgrade to ClamAV 0.98.6 or later, which includes a fix for this issue [1]. The Gentoo security advisory recommends upgrading to version 0.98.7 or higher [4]. No workarounds are available.
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- osv-coords (4 versions):
  - pkg:rpm/opensuse/clamav&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
  - pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2012
  - pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
- (no CPE) range: < 0.99.2-4.1
- (no CPE) range: < 0.98.6-10.1
- (no CPE) range: < 0.98.6-10.1
- (no CPE) range: < 0.98.6-10.1
Patches
No patches discovered yet.
References
- blog.clamav.net/2015/01/clamav-0986-has-been-released.html (nvd, Vendor Advisory)
- lists.fedoraproject.org/pipermail/package-announce/2015-January/148950.html (nvd)
- lists.fedoraproject.org/pipermail/package-announce/2015-January/148958.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2015-02/msg00014.html (nvd)
- lists.opensuse.org/opensuse-security-announce/2015-02/msg00020.html (nvd)
- security.gentoo.org/glsa/201512-08 (nvd)