rpm package
suse/clamav&distro=SUSE OpenStack Cloud 7
pkg:rpm/suse/clamav&distro=SUSE%20OpenStack%20Cloud%207
Vulnerabilities (19)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2020-3481 | — | < 0.103.0-33.32.1 | 0.103.0-33.32.1 | Jul 20, 2020 | A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. A | ||
| CVE-2020-3350 | — | < 0.103.0-33.32.1 | 0.103.0-33.32.1 | Jun 18, 2020 | A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning m | ||
| CVE-2020-3341 | — | < 0.103.0-33.32.1 | 0.103.0-33.32.1 | May 13, 2020 | A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. A | ||
| CVE-2020-3327 | — | < 0.103.0-33.32.1 | 0.103.0-33.32.1 | May 13, 2020 | A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacke | ||
| CVE-2020-3123 | — | < 0.103.0-33.32.1 | 0.103.0-33.32.1 | Feb 5, 2020 | A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds rea | ||
| CVE-2019-15961 | — | < 0.100.3-33.29.1 | 0.100.3-33.29.1 | Jan 15, 2020 | A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing rout | ||
| CVE-2019-1789 | — | < 0.100.3-33.21.1 | 0.100.3-33.21.1 | Nov 5, 2019 | ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking. | ||
| CVE-2019-12625 | — | < 0.100.3-33.26.1 | 0.100.3-33.26.1 | Nov 5, 2019 | ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. | ||
| CVE-2019-12900 | — | < 0.100.3-33.26.1 | 0.100.3-33.26.1 | Jun 19, 2019 | BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors. | ||
| CVE-2019-1788 | — | < 0.100.3-33.21.1 | 0.100.3-33.21.1 | Apr 8, 2019 | A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is d | ||
| CVE-2019-1787 | — | < 0.100.3-33.21.1 | 0.100.3-33.21.1 | Apr 8, 2019 | A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due | ||
| CVE-2018-15378 | — | < 0.100.2-33.18.1 | 0.100.2-33.18.1 | Oct 15, 2018 | A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an inval | ||
| CVE-2018-14682 | — | < 0.100.2-33.18.1 | 0.100.2-33.18.1 | Jul 28, 2018 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. | ||
| CVE-2018-14681 | — | < 0.100.2-33.18.1 | 0.100.2-33.18.1 | Jul 28, 2018 | An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite. | ||
| CVE-2018-14680 | — | < 0.100.2-33.18.1 | 0.100.2-33.18.1 | Jul 28, 2018 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames. | ||
| CVE-2018-14679 | — | < 0.100.1-33.15.2 | 0.100.1-33.15.2 | Jul 28, 2018 | An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash). | ||
| CVE-2018-0361 | — | < 0.100.1-33.15.2 | 0.100.1-33.15.2 | Jul 16, 2018 | ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file. | ||
| CVE-2018-0360 | — | < 0.100.1-33.15.2 | 0.100.1-33.15.2 | Jul 16, 2018 | ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c. | ||
| CVE-2018-1000085 | — | < 0.100.1-33.15.2 | 0.100.1-33.15.2 | Mar 13, 2018 | ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR |
- CVE-2020-3481Jul 20, 2020affected < 0.103.0-33.32.1fixed 0.103.0-33.32.1
A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. A
- CVE-2020-3350Jun 18, 2020affected < 0.103.0-33.32.1fixed 0.103.0-33.32.1
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning m
- CVE-2020-3341May 13, 2020affected < 0.103.0-33.32.1fixed 0.103.0-33.32.1
A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. A
- CVE-2020-3327May 13, 2020affected < 0.103.0-33.32.1fixed 0.103.0-33.32.1
A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacke
- CVE-2020-3123Feb 5, 2020affected < 0.103.0-33.32.1fixed 0.103.0-33.32.1
A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds rea
- CVE-2019-15961Jan 15, 2020affected < 0.100.3-33.29.1fixed 0.100.3-33.29.1
A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing rout
- CVE-2019-1789Nov 5, 2019affected < 0.100.3-33.21.1fixed 0.100.3-33.21.1
ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.
- CVE-2019-12625Nov 5, 2019affected < 0.100.3-33.26.1fixed 0.100.3-33.26.1
ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.
- CVE-2019-12900Jun 19, 2019affected < 0.100.3-33.26.1fixed 0.100.3-33.26.1
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write when there are many selectors.
- CVE-2019-1788Apr 8, 2019affected < 0.100.3-33.21.1fixed 0.100.3-33.21.1
A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is d
- CVE-2019-1787Apr 8, 2019affected < 0.100.3-33.21.1fixed 0.100.3-33.21.1
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due
- CVE-2018-15378Oct 15, 2018affected < 0.100.2-33.18.1fixed 0.100.2-33.18.1
A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an inval
- CVE-2018-14682Jul 28, 2018affected < 0.100.2-33.18.1fixed 0.100.2-33.18.1
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.
- CVE-2018-14681Jul 28, 2018affected < 0.100.2-33.18.1fixed 0.100.2-33.18.1
An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
- CVE-2018-14680Jul 28, 2018affected < 0.100.2-33.18.1fixed 0.100.2-33.18.1
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
- CVE-2018-14679Jul 28, 2018affected < 0.100.1-33.15.2fixed 0.100.1-33.15.2
An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number validity checks, which could lead to denial of service (uninitialized data dereference and application crash).
- CVE-2018-0361Jul 16, 2018affected < 0.100.1-33.15.2fixed 0.100.1-33.15.2
ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.
- CVE-2018-0360Jul 16, 2018affected < 0.100.1-33.15.2fixed 0.100.1-33.15.2
ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.
- CVE-2018-1000085Mar 13, 2018affected < 0.100.1-33.15.2fixed 0.100.1-33.15.2
ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR