Unrated severityNVD Advisory· Published May 12, 2015· Updated May 6, 2026

CVE-2015-2221

Description

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

ClamAV before 0.98.7 contains an infinite loop vulnerability in y0da cryptor file parsing, allowing remote denial of service.

Vulnerability

ClamAV versions before 0.98.7 are vulnerable to an infinite loop condition when processing a crafted y0da cryptor file [2]. The bug resides in the y0da cryptor parsing code [2]. No specific configuration is required; the scanner automatically processes files.

Exploitation

A remote attacker can send a specially crafted y0da cryptor file to a system running ClamAV (e.g., via email attachment or network share) [1]. The attacker does not need authentication; when ClamAV scans the file, it enters an infinite loop, causing a denial of service [2][3].

Impact

Successful exploitation leads to a denial of service (infinite loop) as ClamAV becomes unresponsive [1][2]. The vulnerability does not appear to allow code execution; only DoS is confirmed [1][2]. In default installations, AppArmor may isolate the impact [1].

Mitigation

Upgrade to ClamAV version 0.98.7, released in April 2015 [2]. Ubuntu released USN-2594-1 on 5 May 2015 [1]. Gentoo issued GLSA 201512-08 recommending update to >=0.98.7 [3]. No workaround is available; updating is the only mitigation [3].

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

ClamAV/Clamav2 versions
cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*range: <=0.98.6
- (no CPE)range: <0.98.7
Canonical/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.1:*:*:*:*:*:*:*
osv-coords4 versions
pkg:rpm/opensuse/clamav&distro=openSUSE%20Tumbleweed pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
< 0.99.2-4.1+ 3 more
- (no CPE)range: < 0.99.2-4.1
- (no CPE)range: < 0.98.7-13.1
- (no CPE)range: < 0.98.7-13.1
- (no CPE)range: < 0.98.7-13.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.clamav.net/2015/04/clamav-0987-has-been-released.htmlnvdPatchVendor Advisory
lists.opensuse.org/opensuse-updates/2015-05/msg00024.htmlnvd
ubuntu.com/usn/usn-2594-1nvd
www.securityfocus.com/bid/74443nvd
security.gentoo.org/glsa/201512-08nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000