rpm package

suse/clamav&distro=SUSE Linux Enterprise Server for SAP Applications 12 SP3

pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP3

Vulnerabilities (36)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2018-0361		—	< 0.100.1-33.15.2	0.100.1-33.15.2	Jul 16, 2018	ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
CVE-2018-0360		—	< 0.100.1-33.15.2	0.100.1-33.15.2	Jul 16, 2018	ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
CVE-2018-0202		—	< 0.99.4-33.9.1	0.99.4-33.9.1	Mar 27, 2018	clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Docu
CVE-2018-1000085		—	< 0.99.4-33.9.1	0.99.4-33.9.1	Mar 13, 2018	ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR
CVE-2017-12380		—	< 0.99.3-33.5.1	0.99.3-33.5.1	Jan 26, 2018	ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c
CVE-2017-12379		—	< 0.99.3-33.5.1	0.99.3-33.5.1	Jan 26, 2018	ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va
CVE-2017-12378		—	< 0.99.3-33.5.1	0.99.3-33.5.1	Jan 26, 2018	ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (
CVE-2017-12377		—	< 0.99.3-33.5.1	0.99.3-33.5.1	Jan 26, 2018	ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va
CVE-2017-12376		—	< 0.99.3-33.5.1	0.99.3-33.5.1	Jan 26, 2018	ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va
CVE-2017-12375		—	< 0.99.3-33.5.1	0.99.3-33.5.1	Jan 26, 2018	The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms duri
CVE-2017-12374		—	< 0.99.3-33.5.1	0.99.3-33.5.1	Jan 26, 2018	The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms duri
CVE-2017-6420	Med	5.5	< 0.99.3-33.5.1	0.99.3-33.5.1	Aug 7, 2017	The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression.
CVE-2017-6419	Hig	7.8	< 0.99.3-33.5.1	0.99.3-33.5.1	Aug 7, 2017	mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.
CVE-2017-6418	Med	5.5	< 0.99.3-33.5.1	0.99.3-33.5.1	Aug 7, 2017	libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message.
CVE-2017-11423	Med	5.5	< 0.99.3-33.5.1	0.99.3-33.5.1	Jul 18, 2017	The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.
CVE-2012-6706	Cri	9.8	< 0.99.4-33.9.1	0.99.4-33.9.1	Jun 22, 2017	A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negativ

CVE-2018-0361Jul 16, 2018
affected < 0.100.1-33.15.2fixed 0.100.1-33.15.2
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
CVE-2018-0360Jul 16, 2018
affected < 0.100.1-33.15.2fixed 0.100.1-33.15.2
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
CVE-2018-0202Mar 27, 2018
affected < 0.99.4-33.9.1fixed 0.99.4-33.9.1
clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Docu
CVE-2018-1000085Mar 13, 2018
affected < 0.99.4-33.9.1fixed 0.99.4-33.9.1
ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR
CVE-2017-12380Jan 26, 2018
affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c
CVE-2017-12379Jan 26, 2018
affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va
CVE-2017-12378Jan 26, 2018
affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (
CVE-2017-12377Jan 26, 2018
affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va
CVE-2017-12376Jan 26, 2018
affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va
CVE-2017-12375Jan 26, 2018
affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms duri
CVE-2017-12374Jan 26, 2018
affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms duri
CVE-2017-6420MedAug 7, 2017
affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression.
CVE-2017-6419HigAug 7, 2017
affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.
CVE-2017-6418MedAug 7, 2017
affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message.
CVE-2017-11423MedJul 18, 2017
affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.
CVE-2012-6706CriJun 22, 2017
affected < 0.99.4-33.9.1fixed 0.99.4-33.9.1
A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negativ

Page 2 of 2