CVE-2015-2170Clamav vulnerability

CWE-3996 documents6 sources
Severity
5.0MEDIUMNVD
EPSS
0.8%
top 26.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ClamavDebian ClamavCanonical Ubuntu Linux
Timeline
PublishedMay 12
Latest updateMay 17

Description

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/clamav< clamav 0.98.7+dfsg-1 (bookworm)
Debianclamav/clamav< 0.98.7+dfsg-1+3
NVDclamav/clamav0.98.6

Also affects: Ubuntu Linux 12.04, 14.04, 14.10, 15.04

Patches

Patch: blog.clamav.netPatch: blog.clamav.net

🔴Vulnerability Details

2
GHSA
GHSA-934m-45xh-8j2f: The upx decoder in ClamAV before 02022-05-17
OSV
CVE-2015-2170: The upx decoder in ClamAV before 02015-05-12

📋Vendor Advisories

2
Ubuntu
ClamAV vulnerabilities2015-05-05
Debian
CVE-2015-2170: clamav - The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denia...2015

💬Community

1
Bugzilla
CVE-2015-2170: clamav: Crash in upx decoder with crafted file2015-04-29