rpm package
suse/clamav&distro=SUSE Linux Enterprise Module for Basesystem 15 SP6
pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP6
Vulnerabilities (8)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-20260 | — | < 1.4.3-150600.18.18.1 | 1.4.3-150600.18.18.1 | Jun 18, 2025 | A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory bu | ||
| CVE-2025-20234 | — | < 1.4.3-150600.18.18.1 | 1.4.3-150600.18.18.1 | Jun 18, 2025 | A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could ex | ||
| CVE-2025-20128 | — | < 1.4.2-150600.18.6.1 | 1.4.2-150600.18.6.1 | Jan 22, 2025 | A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check tha | ||
| CVE-2024-20506 | — | < 0.103.12-150600.18.3.1 | 0.103.12-150600.18.3.1 | Sep 4, 2024 | A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attac | ||
| CVE-2024-20505 | — | < 0.103.12-150600.18.3.1 | 0.103.12-150600.18.3.1 | Sep 4, 2024 | A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote atta | ||
| CVE-2024-20380 | — | < 1.4.2-150600.18.6.1 | 1.4.2-150600.18.6.1 | Apr 18, 2024 | A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulne | ||
| CVE-2023-20197 | — | < 1.4.2-150600.18.6.1 | 1.4.2-150600.18.6.1 | Aug 16, 2023 | A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion | ||
| CVE-2018-14679 | — | < 1.4.2-150600.18.6.1 | 1.4.2-150600.18.6.1 | Jul 28, 2018 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). |
- CVE-2025-20260Jun 18, 2025affected < 1.4.3-150600.18.18.1fixed 1.4.3-150600.18.18.1
A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory bu
- CVE-2025-20234Jun 18, 2025affected < 1.4.3-150600.18.18.1fixed 1.4.3-150600.18.18.1
A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could ex
- CVE-2025-20128Jan 22, 2025affected < 1.4.2-150600.18.6.1fixed 1.4.2-150600.18.6.1
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check tha
- CVE-2024-20506Sep 4, 2024affected < 0.103.12-150600.18.3.1fixed 0.103.12-150600.18.3.1
A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attac
- CVE-2024-20505Sep 4, 2024affected < 0.103.12-150600.18.3.1fixed 0.103.12-150600.18.3.1
A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote atta
- CVE-2024-20380Apr 18, 2024affected < 1.4.2-150600.18.6.1fixed 1.4.2-150600.18.6.1
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulne
- CVE-2023-20197Aug 16, 2023affected < 1.4.2-150600.18.6.1fixed 1.4.2-150600.18.6.1
A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion
- CVE-2018-14679Jul 28, 2018affected < 1.4.2-150600.18.6.1fixed 1.4.2-150600.18.6.1
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).