rpm package
opensuse/clamav&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/clamav&distro=openSUSE%20Tumbleweed
Vulnerabilities (90)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-1000085 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Mar 13, 2018 | ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR | ||
| CVE-2017-12380 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Jan 26, 2018 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c | ||
| CVE-2017-12379 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Jan 26, 2018 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va | ||
| CVE-2017-12378 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Jan 26, 2018 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar ( | ||
| CVE-2017-12377 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Jan 26, 2018 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va | ||
| CVE-2017-12376 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Jan 26, 2018 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va | ||
| CVE-2017-12375 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Jan 26, 2018 | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms duri | ||
| CVE-2017-12374 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Jan 26, 2018 | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms duri | ||
| CVE-2017-6420 | Med | 5.5 | < 0.103.3-1.4 | 0.103.3-1.4 | Aug 7, 2017 | The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. | |
| CVE-2017-6419 | Hig | 7.8 | < 0.103.3-1.4 | 0.103.3-1.4 | Aug 7, 2017 | mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. | |
| CVE-2017-6418 | Med | 5.5 | < 0.103.3-1.4 | 0.103.3-1.4 | Aug 7, 2017 | libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. | |
| CVE-2017-11423 | Med | 5.5 | < 0.103.3-1.4 | 0.103.3-1.4 | Jul 18, 2017 | The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. | |
| CVE-2012-6706 | Cri | 9.8 | < 0.103.3-1.4 | 0.103.3-1.4 | Jun 22, 2017 | A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negativ | |
| CVE-2015-2668 | — | < 0.99.2-4.1 | 0.99.2-4.1 | May 12, 2015 | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. | ||
| CVE-2015-2222 | — | < 0.99.2-4.1 | 0.99.2-4.1 | May 12, 2015 | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. | ||
| CVE-2015-2221 | — | < 0.99.2-4.1 | 0.99.2-4.1 | May 12, 2015 | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. | ||
| CVE-2015-2170 | — | < 0.99.2-4.1 | 0.99.2-4.1 | May 12, 2015 | The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. | ||
| CVE-2015-2305 | — | < 0.99.2-4.1 | 0.99.2-4.1 | Mar 30, 2015 | Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular express | ||
| CVE-2015-1463 | — | < 0.99.2-4.1 | 0.99.2-4.1 | Feb 3, 2015 | ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization." | ||
| CVE-2015-1462 | — | < 0.99.2-4.1 | 0.99.2-4.1 | Feb 3, 2015 | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition." |
- CVE-2018-1000085Mar 13, 2018affected < 0.103.3-1.4fixed 0.103.3-1.4
ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR
- CVE-2017-12380Jan 26, 2018affected < 0.103.3-1.4fixed 0.103.3-1.4
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c
- CVE-2017-12379Jan 26, 2018affected < 0.103.3-1.4fixed 0.103.3-1.4
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va
- CVE-2017-12378Jan 26, 2018affected < 0.103.3-1.4fixed 0.103.3-1.4
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (
- CVE-2017-12377Jan 26, 2018affected < 0.103.3-1.4fixed 0.103.3-1.4
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va
- CVE-2017-12376Jan 26, 2018affected < 0.103.3-1.4fixed 0.103.3-1.4
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va
- CVE-2017-12375Jan 26, 2018affected < 0.103.3-1.4fixed 0.103.3-1.4
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms duri
- CVE-2017-12374Jan 26, 2018affected < 0.103.3-1.4fixed 0.103.3-1.4
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms duri
- affected < 0.103.3-1.4fixed 0.103.3-1.4
The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression.
- affected < 0.103.3-1.4fixed 0.103.3-1.4
mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.
- affected < 0.103.3-1.4fixed 0.103.3-1.4
libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message.
- affected < 0.103.3-1.4fixed 0.103.3-1.4
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.
- affected < 0.103.3-1.4fixed 0.103.3-1.4
A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negativ
- CVE-2015-2668May 12, 2015affected < 0.99.2-4.1fixed 0.99.2-4.1
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.
- CVE-2015-2222May 12, 2015affected < 0.99.2-4.1fixed 0.99.2-4.1
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.
- CVE-2015-2221May 12, 2015affected < 0.99.2-4.1fixed 0.99.2-4.1
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.
- CVE-2015-2170May 12, 2015affected < 0.99.2-4.1fixed 0.99.2-4.1
The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
- CVE-2015-2305Mar 30, 2015affected < 0.99.2-4.1fixed 0.99.2-4.1
Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular express
- CVE-2015-1463Feb 3, 2015affected < 0.99.2-4.1fixed 0.99.2-4.1
ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."
- CVE-2015-1462Feb 3, 2015affected < 0.99.2-4.1fixed 0.99.2-4.1
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."
Page 3 of 5