rpm package
suse/clamav&distro=SUSE Linux Enterprise Server 12 SP2
pkg:rpm/suse/clamav&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP2
Vulnerabilities (14)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-0202 | — | < 0.99.4-33.9.1 | 0.99.4-33.9.1 | Mar 27, 2018 | clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Docu | ||
| CVE-2018-1000085 | — | < 0.99.4-33.9.1 | 0.99.4-33.9.1 | Mar 13, 2018 | ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR | ||
| CVE-2017-12380 | — | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Jan 26, 2018 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c | ||
| CVE-2017-12379 | — | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Jan 26, 2018 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va | ||
| CVE-2017-12378 | — | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Jan 26, 2018 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar ( | ||
| CVE-2017-12377 | — | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Jan 26, 2018 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va | ||
| CVE-2017-12376 | — | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Jan 26, 2018 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va | ||
| CVE-2017-12375 | — | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Jan 26, 2018 | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms duri | ||
| CVE-2017-12374 | — | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Jan 26, 2018 | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms duri | ||
| CVE-2017-6420 | Med | 5.5 | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Aug 7, 2017 | The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. | |
| CVE-2017-6419 | Hig | 7.8 | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Aug 7, 2017 | mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. | |
| CVE-2017-6418 | Med | 5.5 | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Aug 7, 2017 | libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. | |
| CVE-2017-11423 | Med | 5.5 | < 0.99.3-33.5.1 | 0.99.3-33.5.1 | Jul 18, 2017 | The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. | |
| CVE-2012-6706 | Cri | 9.8 | < 0.99.2-32.1 | 0.99.2-32.1 | Jun 22, 2017 | A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negativ |
- CVE-2018-0202Mar 27, 2018affected < 0.99.4-33.9.1fixed 0.99.4-33.9.1
clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Docu
- CVE-2018-1000085Mar 13, 2018affected < 0.99.4-33.9.1fixed 0.99.4-33.9.1
ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR
- CVE-2017-12380Jan 26, 2018affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c
- CVE-2017-12379Jan 26, 2018affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va
- CVE-2017-12378Jan 26, 2018affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (
- CVE-2017-12377Jan 26, 2018affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va
- CVE-2017-12376Jan 26, 2018affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input va
- CVE-2017-12375Jan 26, 2018affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms duri
- CVE-2017-12374Jan 26, 2018affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms duri
- affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression.
- affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.
- affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message.
- affected < 0.99.3-33.5.1fixed 0.99.3-33.5.1
The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.
- affected < 0.99.2-32.1fixed 0.99.2-32.1
A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negativ