rpm package
suse/clamav&distro=SUSE Linux Enterprise Server 12 SP5
pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5
Vulnerabilities (24)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-15961 | — | < 0.103.0-3.3.1 | 0.103.0-3.3.1 | Jan 15, 2020 | A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing rout | ||
| CVE-2019-12625 | — | < 0.103.0-3.3.1 | 0.103.0-3.3.1 | Nov 5, 2019 | ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. | ||
| CVE-2019-12900 | — | < 0.103.0-3.3.1 | 0.103.0-3.3.1 | Jun 19, 2019 | BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. | ||
| CVE-2018-14679 | — | < 0.103.4-3.12.1 | 0.103.4-3.12.1 | Jul 28, 2018 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). |
- CVE-2019-15961Jan 15, 2020affected < 0.103.0-3.3.1fixed 0.103.0-3.3.1
A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing rout
- CVE-2019-12625Nov 5, 2019affected < 0.103.0-3.3.1fixed 0.103.0-3.3.1
ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.
- CVE-2019-12900Jun 19, 2019affected < 0.103.0-3.3.1fixed 0.103.0-3.3.1
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
- CVE-2018-14679Jul 28, 2018affected < 0.103.4-3.12.1fixed 0.103.4-3.12.1
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
Page 2 of 2