CVE-2015-2170
Description
The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
ClamAV upx decoder crashes on crafted files; fixed in 0.98.7.
Vulnerability
The UPX decoder in ClamAV before version 0.98.7 contains a flaw that can be triggered by a specially crafted file. An attacker can cause a crash in the decoder, leading to a denial of service. [1][2]
Exploitation
An attacker needs only to provide a crafted file to the ClamAV scanner. No authentication or special network position is required; the file can be delivered via email, web traffic, or any other vector that ClamAV scans. The crash occurs when the UPX decoder processes the malicious input. [1][2]
Impact
Successful exploitation causes ClamAV to crash, resulting in a denial of service. The advisory notes that an unspecified remote attacker could also possibly execute arbitrary code, though the primary known impact is a crash. In Ubuntu's default installation, the ClamAV AppArmor profile would isolate the scanner, reducing potential harm. [1][2]
Mitigation
ClamAV 0.98.7 contains the fix for CVE-2015-2170, released on 2015-04-21. Users should upgrade to this version or later. The Gentoo advisory (GLSA 201512-08) also recommends upgrading to >=app-antivirus/clamav-0.98.7. No known workaround exists. [1][2][3]
AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*
- osv-coords (4 versions):
  - pkg:rpm/opensuse/clamav&distro=openSUSE%20Tumbleweed
  - pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Desktop%2012
  - pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2012
  - pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
- (no CPE) range: < 0.99.2-4.1
- (no CPE) range: < 0.98.7-13.1
- (no CPE) range: < 0.98.7-13.1
- (no CPE) range: < 0.98.7-13.1
Patches
No patches discovered yet.
References