rpm package
suse/clamav&distro=SUSE Linux Enterprise Server 12 SP3
pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-1789 | — | < 0.100.3-33.21.1 | 0.100.3-33.21.1 | Nov 5, 2019 | ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking. | ||
| CVE-2019-1788 | — | < 0.100.3-33.21.1 | 0.100.3-33.21.1 | Apr 8, 2019 | A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is d | ||
| CVE-2019-1787 | — | < 0.100.3-33.21.1 | 0.100.3-33.21.1 | Apr 8, 2019 | A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due | ||
| CVE-2018-15378 | — | < 0.100.2-33.18.1 | 0.100.2-33.18.1 | Oct 15, 2018 | A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an inval | ||
| CVE-2018-14682 | — | < 0.100.2-33.18.1 | 0.100.2-33.18.1 | Jul 28, 2018 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. | ||
| CVE-2018-14681 | — | < 0.100.2-33.18.1 | 0.100.2-33.18.1 | Jul 28, 2018 | An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite. | ||
| CVE-2018-14680 | — | < 0.100.2-33.18.1 | 0.100.2-33.18.1 | Jul 28, 2018 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. | ||
| CVE-2018-14679 | — | < 0.100.1-33.15.2 | 0.100.1-33.15.2 | Jul 28, 2018 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). | ||
| CVE-2018-0361 | — | < 0.100.1-33.15.2 | 0.100.1-33.15.2 | Jul 16, 2018 | ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file. | ||
| CVE-2018-0360 | — | < 0.100.1-33.15.2 | 0.100.1-33.15.2 | Jul 16, 2018 | ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c. | ||
| CVE-2018-0202 | — | < 0.99.4-33.9.1 | 0.99.4-33.9.1 | Mar 27, 2018 | clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Docu | ||
| CVE-2018-1000085 | — | < 0.99.4-33.9.1 | 0.99.4-33.9.1 | Mar 13, 2018 | ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR | ||
| CVE-2017-12380 | — | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Jan 26, 2018 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c | ||
| CVE-2017-12379 | — | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Jan 26, 2018 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va | ||
| CVE-2017-12378 | — | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Jan 26, 2018 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar ( | ||
| CVE-2017-12377 | — | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Jan 26, 2018 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va | ||
| CVE-2017-12376 | — | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Jan 26, 2018 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va | ||
| CVE-2017-12375 | — | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Jan 26, 2018 | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms duri | ||
| CVE-2017-12374 | — | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Jan 26, 2018 | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms duri | ||
| CVE-2017-6420 | Med | 5.5 | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Aug 7, 2017 | The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. |
- CVE-2019-1789Nov 5, 2019affected < 0.100.3-33.21.1fixed 0.100.3-33.21.1
ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.
- CVE-2019-1788Apr 8, 2019affected < 0.100.3-33.21.1fixed 0.100.3-33.21.1
A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is d
- CVE-2019-1787Apr 8, 2019affected < 0.100.3-33.21.1fixed 0.100.3-33.21.1
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due
- CVE-2018-15378Oct 15, 2018affected < 0.100.2-33.18.1fixed 0.100.2-33.18.1
A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an inval
- CVE-2018-14682Jul 28, 2018affected < 0.100.2-33.18.1fixed 0.100.2-33.18.1
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
- CVE-2018-14681Jul 28, 2018affected < 0.100.2-33.18.1fixed 0.100.2-33.18.1
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
- CVE-2018-14680Jul 28, 2018affected < 0.100.2-33.18.1fixed 0.100.2-33.18.1
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
- CVE-2018-14679Jul 28, 2018affected < 0.100.1-33.15.2fixed 0.100.1-33.15.2
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
- CVE-2018-0361Jul 16, 2018affected < 0.100.1-33.15.2fixed 0.100.1-33.15.2
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
- CVE-2018-0360Jul 16, 2018affected < 0.100.1-33.15.2fixed 0.100.1-33.15.2
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
- CVE-2018-0202Mar 27, 2018affected < 0.99.4-33.9.1fixed 0.99.4-33.9.1
clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Docu
- CVE-2018-1000085Mar 13, 2018affected < 0.99.4-33.9.1fixed 0.99.4-33.9.1
ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR
- CVE-2017-12380Jan 26, 2018affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c
- CVE-2017-12379Jan 26, 2018affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va
- CVE-2017-12378Jan 26, 2018affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (
- CVE-2017-12377Jan 26, 2018affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va
- CVE-2017-12376Jan 26, 2018affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va
- CVE-2017-12375Jan 26, 2018affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms duri
- CVE-2017-12374Jan 26, 2018affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms duri
- affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression.
Page 1 of 2