rpm package
suse/clamav&distro=SUSE Linux Enterprise Module for Basesystem 15
pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015
Vulnerabilities (12)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2019-15961 | Hig | 7.5 | < 0.100.3-3.17.2 | 0.100.3-3.17.2 | Jan 15, 2020 | A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing rout | |
| CVE-2019-1789 | Hig | 7.5 | < 0.100.3-3.9.1 | 0.100.3-3.9.1 | Nov 5, 2019 | ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking. | |
| CVE-2019-12625 | Hig | 7.5 | < 0.100.3-3.14.1 | 0.100.3-3.14.1 | Nov 5, 2019 | ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. | |
| CVE-2019-12900 | Cri | 9.8 | < 0.100.3-3.14.1 | 0.100.3-3.14.1 | Jun 19, 2019 | BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. | |
| CVE-2019-1788 | Med | 5.5 | < 0.100.3-3.9.1 | 0.100.3-3.9.1 | Apr 8, 2019 | A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is d | |
| CVE-2019-1787 | Med | 5.5 | < 0.100.3-3.9.1 | 0.100.3-3.9.1 | Apr 8, 2019 | A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due | |
| CVE-2018-15378 | Med | 5.5 | < 0.100.2-3.6.4 | 0.100.2-3.6.4 | Oct 15, 2018 | A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an inval | |
| CVE-2018-14682 | Hig | 8.8 | < 0.100.2-3.6.4 | 0.100.2-3.6.4 | Jul 28, 2018 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. | |
| CVE-2018-14681 | Hig | 8.8 | < 0.100.2-3.6.4 | 0.100.2-3.6.4 | Jul 28, 2018 | An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite. | |
| CVE-2018-14680 | Med | 6.5 | < 0.100.2-3.6.4 | 0.100.2-3.6.4 | Jul 28, 2018 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. | |
| CVE-2018-0361 | Low | 3.3 | < 0.100.1-3.3.1 | 0.100.1-3.3.1 | Jul 16, 2018 | ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file. | |
| CVE-2018-0360 | Med | 5.5 | < 0.100.1-3.3.1 | 0.100.1-3.3.1 | Jul 16, 2018 | ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c. |
- affected < 0.100.3-3.17.2fixed 0.100.3-3.17.2
A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing rout
- affected < 0.100.3-3.9.1fixed 0.100.3-3.9.1
ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.
- affected < 0.100.3-3.14.1fixed 0.100.3-3.14.1
ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.
- affected < 0.100.3-3.14.1fixed 0.100.3-3.14.1
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
- affected < 0.100.3-3.9.1fixed 0.100.3-3.9.1
A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is d
- affected < 0.100.3-3.9.1fixed 0.100.3-3.9.1
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due
- affected < 0.100.2-3.6.4fixed 0.100.2-3.6.4
A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an inval
- affected < 0.100.2-3.6.4fixed 0.100.2-3.6.4
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
- affected < 0.100.2-3.6.4fixed 0.100.2-3.6.4
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
- affected < 0.100.2-3.6.4fixed 0.100.2-3.6.4
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
- affected < 0.100.1-3.3.1fixed 0.100.1-3.3.1
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
- affected < 0.100.1-3.3.1fixed 0.100.1-3.3.1
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.