High severity7.5NVD Advisory· Published Jan 15, 2020· Updated Jun 17, 2026
CVE-2019-15961
CVE-2019-15961
Description
A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
31- Range: <=0.102.0
- osv-coords29 versionspkg:rpm/opensuse/clamav&distro=openSUSE%20Leap%2015.1pkg:rpm/opensuse/clamav&distro=openSUSE%20Leap%2015.2pkg:rpm/opensuse/clamav&distro=openSUSE%20Tumbleweedpkg:rpm/suse/clamav&distro=HPE%20Helion%20OpenStack%208pkg:rpm/suse/clamav&distro=SUSE%20Enterprise%20Storage%205pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Desktop%2012%20SP4pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP1pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP2pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4-LTSSpkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP1-LTSSpkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-BCLpkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2-LTSSpkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-BCLpkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3-LTSSpkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP4-LTSSpkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP1pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP2pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP4pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/clamav&distro=SUSE%20OpenStack%20Cloud%207pkg:rpm/suse/clamav&distro=SUSE%20OpenStack%20Cloud%208pkg:rpm/suse/clamav&distro=SUSE%20OpenStack%20Cloud%209pkg:rpm/suse/clamav&distro=SUSE%20OpenStack%20Cloud%20Crowbar%208pkg:rpm/suse/clamav&distro=SUSE%20OpenStack%20Cloud%20Crowbar%209
< 0.100.3-lp151.2.6.1+ 28 more
- (no CPE)range: < 0.100.3-lp151.2.6.1
- (no CPE)range: < 0.103.0-lp152.6.3.1
- (no CPE)range: < 0.103.3-1.4
- (no CPE)range: < 0.100.3-33.29.1
- (no CPE)range: < 0.100.3-33.29.1
- (no CPE)range: < 0.100.3-33.29.1
- (no CPE)range: < 0.100.3-3.17.2
- (no CPE)range: < 0.100.3-3.17.2
- (no CPE)range: < 0.103.0-3.23.1
- (no CPE)range: < 0.100.3-0.20.29.1
- (no CPE)range: < 0.100.3-0.20.29.1
- (no CPE)range: < 0.100.3-33.29.1
- (no CPE)range: < 0.100.3-33.29.1
- (no CPE)range: < 0.100.3-33.29.1
- (no CPE)range: < 0.100.3-33.29.1
- (no CPE)range: < 0.100.3-33.29.1
- (no CPE)range: < 0.100.3-33.29.1
- (no CPE)range: < 0.103.0-33.32.1
- (no CPE)range: < 0.103.0-3.3.1
- (no CPE)range: < 0.100.3-33.29.1
- (no CPE)range: < 0.100.3-33.29.1
- (no CPE)range: < 0.100.3-33.29.1
- (no CPE)range: < 0.100.3-33.29.1
- (no CPE)range: < 0.103.0-3.3.1
- (no CPE)range: < 0.100.3-33.29.1
- (no CPE)range: < 0.100.3-33.29.1
- (no CPE)range: < 0.103.0-33.32.1
- (no CPE)range: < 0.100.3-33.29.1
- (no CPE)range: < 0.103.0-33.32.1
Patches
Vulnerability mechanics
References
5- bugzilla.clamav.net/show_bug.cginvdExploitIssue TrackingVendor Advisory
- lists.debian.org/debian-lts-announce/2020/02/msg00016.htmlnvdMailing ListThird Party Advisory
- quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010nvdThird Party Advisory
- security.gentoo.org/glsa/202003-46nvdThird Party Advisory
- usn.ubuntu.com/4230-2/nvdThird Party Advisory
News mentions
0No linked articles in our index yet.