Unrated severityNVD Advisory· Published May 12, 2015· Updated May 6, 2026

CVE-2015-2222

Description

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

ClamAV before 0.98.7 crashes when scanning a crafted petite packed file, enabling remote denial of service.

Vulnerability

ClamAV versions prior to 0.98.7 contain a crash vulnerability in the petite unpacker when processing a specially crafted petite packed file [2]. The bug is triggered during scanning of the malformed file, leading to a crash. Affected versions: all ClamAV releases before 0.98.7.

Exploitation

An attacker can exploit this by sending a crafted petite packed file to a system running ClamAV, either via email scanning or on-demand scanning. No authentication is required; the attacker only needs to deliver the file to the scanner. The crash occurs when ClamAV attempts to unpack the malformed petite file.

Impact

Successful exploitation causes ClamAV to crash, resulting in a denial of service. The Ubuntu advisory notes that in the default installation, the ClamAV AppArmor profile would isolate the attacker, limiting potential for arbitrary code execution [1]. The ClamAV blog states the issue is a crash [2]; the Gentoo GLSA mentions possible other unspecified impact [3], but the primary impact is denial of service.

Mitigation

The vulnerability is fixed in ClamAV 0.98.7, released on April 30, 2015 [2]. Users should upgrade to version 0.98.7 or later. Ubuntu released updated packages in USN-2594-1 [1]. Gentoo recommends upgrading to >=app-antivirus/clamav-0.98.7 [3]. No workaround is available.

References

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

ClamAV/Clamav2 versions
cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:clamav:clamav:*:*:*:*:*:*:*:*range: <=0.98.6
- (no CPE)range: <0.98.7
Canonical/Ubuntu Linux4 versions
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*+ 3 more
- cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.10:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:15.1:*:*:*:*:*:*:*
osv-coords4 versions
pkg:rpm/opensuse/clamav&distro=openSUSE%20Tumbleweed pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Desktop%2012 pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2012 pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
< 0.99.2-4.1+ 3 more
- (no CPE)range: < 0.99.2-4.1
- (no CPE)range: < 0.98.7-13.1
- (no CPE)range: < 0.98.7-13.1
- (no CPE)range: < 0.98.7-13.1

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

blog.clamav.net/2015/04/clamav-0987-has-been-released.htmlnvdPatchVendor Advisory
lists.opensuse.org/opensuse-updates/2015-05/msg00024.htmlnvd
ubuntu.com/usn/usn-2594-1nvd
www.securityfocus.com/bid/74443nvd
security.gentoo.org/glsa/201512-08nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000