rpm package
opensuse/clamav&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/clamav&distro=openSUSE%20Tumbleweed
Vulnerabilities (90)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-3481 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Jul 20, 2020 | A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. A | ||
| CVE-2020-3350 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Jun 18, 2020 | A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning m | ||
| CVE-2020-3341 | — | < 0.103.3-1.4 | 0.103.3-1.4 | May 13, 2020 | A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. A | ||
| CVE-2020-3327 | — | < 0.103.3-1.4 | 0.103.3-1.4 | May 13, 2020 | A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacke | ||
| CVE-2020-3123 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Feb 5, 2020 | A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds rea | ||
| CVE-2019-15961 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Jan 15, 2020 | A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing rout | ||
| CVE-2019-1789 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Nov 5, 2019 | ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking. | ||
| CVE-2019-12625 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Nov 5, 2019 | ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. | ||
| CVE-2019-12900 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Jun 19, 2019 | BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. | ||
| CVE-2019-1798 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Apr 8, 2019 | A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a l | ||
| CVE-2019-1788 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Apr 8, 2019 | A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is d | ||
| CVE-2019-1787 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Apr 8, 2019 | A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due | ||
| CVE-2019-1785 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Apr 8, 2019 | A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error | ||
| CVE-2019-1786 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Apr 8, 2019 | A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is d | ||
| CVE-2018-15378 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Oct 15, 2018 | A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an inval | ||
| CVE-2018-14680 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Jul 28, 2018 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. | ||
| CVE-2018-14679 | — | < 1.4.2-1.1 | 1.4.2-1.1 | Jul 28, 2018 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). | ||
| CVE-2018-0361 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Jul 16, 2018 | ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file. | ||
| CVE-2018-0360 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Jul 16, 2018 | ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c. | ||
| CVE-2018-0202 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Mar 27, 2018 | clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Docu |
- CVE-2020-3481Jul 20, 2020affected < 0.103.3-1.4fixed 0.103.3-1.4
A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. A
- CVE-2020-3350Jun 18, 2020affected < 0.103.3-1.4fixed 0.103.3-1.4
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning m
- CVE-2020-3341May 13, 2020affected < 0.103.3-1.4fixed 0.103.3-1.4
A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. A
- CVE-2020-3327May 13, 2020affected < 0.103.3-1.4fixed 0.103.3-1.4
A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacke
- CVE-2020-3123Feb 5, 2020affected < 0.103.3-1.4fixed 0.103.3-1.4
A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds rea
- CVE-2019-15961Jan 15, 2020affected < 0.103.3-1.4fixed 0.103.3-1.4
A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing rout
- CVE-2019-1789Nov 5, 2019affected < 0.103.3-1.4fixed 0.103.3-1.4
ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.
- CVE-2019-12625Nov 5, 2019affected < 0.103.3-1.4fixed 0.103.3-1.4
ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.
- CVE-2019-12900Jun 19, 2019affected < 0.103.3-1.4fixed 0.103.3-1.4
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
- CVE-2019-1798Apr 8, 2019affected < 0.103.3-1.4fixed 0.103.3-1.4
A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a l
- CVE-2019-1788Apr 8, 2019affected < 0.103.3-1.4fixed 0.103.3-1.4
A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is d
- CVE-2019-1787Apr 8, 2019affected < 0.103.3-1.4fixed 0.103.3-1.4
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due
- CVE-2019-1785Apr 8, 2019affected < 0.103.3-1.4fixed 0.103.3-1.4
A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error
- CVE-2019-1786Apr 8, 2019affected < 0.103.3-1.4fixed 0.103.3-1.4
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is d
- CVE-2018-15378Oct 15, 2018affected < 0.103.3-1.4fixed 0.103.3-1.4
A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an inval
- CVE-2018-14680Jul 28, 2018affected < 0.103.3-1.4fixed 0.103.3-1.4
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
- CVE-2018-14679Jul 28, 2018affected < 1.4.2-1.1fixed 1.4.2-1.1
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
- CVE-2018-0361Jul 16, 2018affected < 0.103.3-1.4fixed 0.103.3-1.4
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
- CVE-2018-0360Jul 16, 2018affected < 0.103.3-1.4fixed 0.103.3-1.4
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
- CVE-2018-0202Mar 27, 2018affected < 0.103.3-1.4fixed 0.103.3-1.4
clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Docu
Page 2 of 5