rpm package
opensuse/clamav&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/clamav&distro=openSUSE%20Tumbleweed
Vulnerabilities (90)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2026-20031 | — | < 1.5.2-1.1 | 1.5.2-1.1 | Mar 4, 2026 | A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An a | ||
| CVE-2025-20260 | — | < 1.4.3-1.1 | 1.4.3-1.1 | Jun 18, 2025 | A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory bu | ||
| CVE-2025-20234 | — | < 1.4.3-1.1 | 1.4.3-1.1 | Jun 18, 2025 | A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could ex | ||
| CVE-2025-20128 | — | < 1.4.2-1.1 | 1.4.2-1.1 | Jan 22, 2025 | A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check tha | ||
| CVE-2024-20506 | — | < 1.4.1-1.1 | 1.4.1-1.1 | Sep 4, 2024 | A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attac | ||
| CVE-2024-20505 | — | < 1.4.1-1.1 | 1.4.1-1.1 | Sep 4, 2024 | A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote atta | ||
| CVE-2023-40477 | — | < 0.103.11-2.1 | 0.103.11-2.1 | May 3, 2024 | RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in tha | ||
| CVE-2024-20380 | — | < 1.3.1-1.1 | 1.3.1-1.1 | Apr 18, 2024 | A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulne | ||
| CVE-2023-20197 | — | < 0.103.9-1.1 | 0.103.9-1.1 | Aug 16, 2023 | A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion | ||
| CVE-2023-20052 | — | < 0.103.8-1.1 | 0.103.8-1.1 | Feb 16, 2023 | On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sens | ||
| CVE-2023-20032 | — | < 0.103.8-1.1 | 0.103.8-1.1 | Feb 16, 2023 | On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to | ||
| CVE-2022-20792 | — | < 0.103.6-1.1 | 0.103.6-1.1 | Aug 10, 2022 | A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly g | ||
| CVE-2022-20796 | — | < 0.103.6-1.1 | 0.103.6-1.1 | May 4, 2022 | On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker t | ||
| CVE-2022-20785 | — | < 0.103.6-1.1 | 0.103.6-1.1 | May 4, 2022 | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior vers | ||
| CVE-2022-20771 | — | < 0.103.6-1.1 | 0.103.6-1.1 | May 4, 2022 | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior | ||
| CVE-2022-20770 | — | < 0.103.6-1.1 | 0.103.6-1.1 | May 4, 2022 | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versi | ||
| CVE-2022-20698 | — | < 0.103.5-1.1 | 0.103.5-1.1 | Jan 14, 2022 | A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to imp | ||
| CVE-2021-1404 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Apr 8, 2021 | A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that | ||
| CVE-2021-1405 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Apr 8, 2021 | A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initi | ||
| CVE-2021-1252 | — | < 0.103.3-1.4 | 0.103.3-1.4 | Apr 8, 2021 | A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling |
- CVE-2026-20031Mar 4, 2026affected < 1.5.2-1.1fixed 1.5.2-1.1
A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An a
- CVE-2025-20260Jun 18, 2025affected < 1.4.3-1.1fixed 1.4.3-1.1
A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory bu
- CVE-2025-20234Jun 18, 2025affected < 1.4.3-1.1fixed 1.4.3-1.1
A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could ex
- CVE-2025-20128Jan 22, 2025affected < 1.4.2-1.1fixed 1.4.2-1.1
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check tha
- CVE-2024-20506Sep 4, 2024affected < 1.4.1-1.1fixed 1.4.1-1.1
A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attac
- CVE-2024-20505Sep 4, 2024affected < 1.4.1-1.1fixed 1.4.1-1.1
A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote atta
- CVE-2023-40477May 3, 2024affected < 0.103.11-2.1fixed 0.103.11-2.1
RARLAB WinRAR Recovery Volume Improper Validation of Array Index Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of RARLAB WinRAR. User interaction is required to exploit this vulnerability in tha
- CVE-2024-20380Apr 18, 2024affected < 1.3.1-1.1fixed 1.3.1-1.1
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulne
- CVE-2023-20197Aug 16, 2023affected < 0.103.9-1.1fixed 0.103.9-1.1
A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion
- CVE-2023-20052Feb 16, 2023affected < 0.103.8-1.1fixed 0.103.8-1.1
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sens
- CVE-2023-20032Feb 16, 2023affected < 0.103.8-1.1fixed 0.103.8-1.1
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to
- CVE-2022-20792Aug 10, 2022affected < 0.103.6-1.1fixed 0.103.6-1.1
A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly g
- CVE-2022-20796May 4, 2022affected < 0.103.6-1.1fixed 0.103.6-1.1
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker t
- CVE-2022-20785May 4, 2022affected < 0.103.6-1.1fixed 0.103.6-1.1
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior vers
- CVE-2022-20771May 4, 2022affected < 0.103.6-1.1fixed 0.103.6-1.1
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior
- CVE-2022-20770May 4, 2022affected < 0.103.6-1.1fixed 0.103.6-1.1
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versi
- CVE-2022-20698Jan 14, 2022affected < 0.103.5-1.1fixed 0.103.5-1.1
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to imp
- CVE-2021-1404Apr 8, 2021affected < 0.103.3-1.4fixed 0.103.3-1.4
A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that
- CVE-2021-1405Apr 8, 2021affected < 0.103.3-1.4fixed 0.103.3-1.4
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initi
- CVE-2021-1252Apr 8, 2021affected < 0.103.3-1.4fixed 0.103.3-1.4
A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling
Page 1 of 5