rpm package

suse/clamav&distro=SUSE Linux Enterprise Server 11 SP3-TERADATA

pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATA

Vulnerabilities (20)

CVE	Sev	CVSS	Affected versions	Fixed in	Published	Description
CVE-2018-15378		—	< 0.100.2-0.20.18.1	0.100.2-0.20.18.1	Oct 15, 2018	A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an inval
CVE-2018-14682		—	< 0.100.2-0.20.18.1	0.100.2-0.20.18.1	Jul 28, 2018	An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
CVE-2018-14681		—	< 0.100.2-0.20.18.1	0.100.2-0.20.18.1	Jul 28, 2018	An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
CVE-2018-14680		—	< 0.100.2-0.20.18.1	0.100.2-0.20.18.1	Jul 28, 2018	An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
CVE-2018-0361		—	< 0.100.1-0.20.15.1	0.100.1-0.20.15.1	Jul 16, 2018	ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
CVE-2018-0360		—	< 0.100.1-0.20.15.1	0.100.1-0.20.15.1	Jul 16, 2018	ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
CVE-2018-0202		—	< 0.99.4-0.20.7.2	0.99.4-0.20.7.2	Mar 27, 2018	clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Docu
CVE-2018-1000085		—	< 0.99.4-0.20.7.2	0.99.4-0.20.7.2	Mar 13, 2018	ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR
CVE-2017-12380		—	< 0.99.3-0.20.3.2	0.99.3-0.20.3.2	Jan 26, 2018	ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c
CVE-2017-12379		—	< 0.99.3-0.20.3.2	0.99.3-0.20.3.2	Jan 26, 2018	ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va
CVE-2017-12378		—	< 0.99.3-0.20.3.2	0.99.3-0.20.3.2	Jan 26, 2018	ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (
CVE-2017-12377		—	< 0.99.3-0.20.3.2	0.99.3-0.20.3.2	Jan 26, 2018	ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va
CVE-2017-12376		—	< 0.99.3-0.20.3.2	0.99.3-0.20.3.2	Jan 26, 2018	ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va
CVE-2017-12375		—	< 0.99.3-0.20.3.2	0.99.3-0.20.3.2	Jan 26, 2018	The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms duri
CVE-2017-12374		—	< 0.99.3-0.20.3.2	0.99.3-0.20.3.2	Jan 26, 2018	The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms duri
CVE-2017-6420	Med	5.5	< 0.99.3-0.20.3.2	0.99.3-0.20.3.2	Aug 7, 2017	The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression.
CVE-2017-6419	Hig	7.8	< 0.99.3-0.20.3.2	0.99.3-0.20.3.2	Aug 7, 2017	mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.
CVE-2017-6418	Med	5.5	< 0.99.3-0.20.3.2	0.99.3-0.20.3.2	Aug 7, 2017	libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message.
CVE-2017-11423	Med	5.5	< 0.99.3-0.20.3.2	0.99.3-0.20.3.2	Jul 18, 2017	The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.
CVE-2012-6706	Cri	9.8	< 0.99.2-0.19.1	0.99.2-0.19.1	Jun 22, 2017	A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negativ

CVE-2018-15378Oct 15, 2018
affected < 0.100.2-0.20.18.1fixed 0.100.2-0.20.18.1
A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an inval
CVE-2018-14682Jul 28, 2018
affected < 0.100.2-0.20.18.1fixed 0.100.2-0.20.18.1
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
CVE-2018-14681Jul 28, 2018
affected < 0.100.2-0.20.18.1fixed 0.100.2-0.20.18.1
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
CVE-2018-14680Jul 28, 2018
affected < 0.100.2-0.20.18.1fixed 0.100.2-0.20.18.1
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
CVE-2018-0361Jul 16, 2018
affected < 0.100.1-0.20.15.1fixed 0.100.1-0.20.15.1
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
CVE-2018-0360Jul 16, 2018
affected < 0.100.1-0.20.15.1fixed 0.100.1-0.20.15.1
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
CVE-2018-0202Mar 27, 2018
affected < 0.99.4-0.20.7.2fixed 0.99.4-0.20.7.2
clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Docu
CVE-2018-1000085Mar 13, 2018
affected < 0.99.4-0.20.7.2fixed 0.99.4-0.20.7.2
ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR
CVE-2017-12380Jan 26, 2018
affected < 0.99.3-0.20.3.2fixed 0.99.3-0.20.3.2
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c
CVE-2017-12379Jan 26, 2018
affected < 0.99.3-0.20.3.2fixed 0.99.3-0.20.3.2
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va
CVE-2017-12378Jan 26, 2018
affected < 0.99.3-0.20.3.2fixed 0.99.3-0.20.3.2
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (
CVE-2017-12377Jan 26, 2018
affected < 0.99.3-0.20.3.2fixed 0.99.3-0.20.3.2
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va
CVE-2017-12376Jan 26, 2018
affected < 0.99.3-0.20.3.2fixed 0.99.3-0.20.3.2
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va
CVE-2017-12375Jan 26, 2018
affected < 0.99.3-0.20.3.2fixed 0.99.3-0.20.3.2
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms duri
CVE-2017-12374Jan 26, 2018
affected < 0.99.3-0.20.3.2fixed 0.99.3-0.20.3.2
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms duri
CVE-2017-6420MedAug 7, 2017
affected < 0.99.3-0.20.3.2fixed 0.99.3-0.20.3.2
The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression.
CVE-2017-6419HigAug 7, 2017
affected < 0.99.3-0.20.3.2fixed 0.99.3-0.20.3.2
mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.
CVE-2017-6418MedAug 7, 2017
affected < 0.99.3-0.20.3.2fixed 0.99.3-0.20.3.2
libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message.
CVE-2017-11423MedJul 18, 2017
affected < 0.99.3-0.20.3.2fixed 0.99.3-0.20.3.2
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.
CVE-2012-6706CriJun 22, 2017
affected < 0.99.2-0.19.1fixed 0.99.2-0.19.1
A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negativ