rpm package
suse/clamav&distro=SUSE Linux Enterprise Server 12 SP3
pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP3
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2017-6419 | Hig | 7.8 | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Aug 7, 2017 | mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. | |
| CVE-2017-6418 | Med | 5.5 | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Aug 7, 2017 | libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. | |
| CVE-2017-11423 | Med | 5.5 | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Jul 18, 2017 | The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. | |
| CVE-2012-6706 | Cri | 9.8 | < 0.99.4-33.9.1 | 0.99.4-33.9.1 | Jun 22, 2017 | A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negativ |
- affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.
- affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message.
- affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.
- affected < 0.99.4-33.9.1fixed 0.99.4-33.9.1
A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negativ
Page 2 of 2