CVE-2015-2222Clamav vulnerability

CWE-3996 documents6 sources
Severity
5.0MEDIUMNVD
EPSS
0.8%
top 26.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ClamavDebian ClamavCanonical Ubuntu Linux
Timeline
PublishedMay 12
Latest updateMay 17

Description

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/clamav< clamav 0.98.7+dfsg-1 (bookworm)
Debianclamav/clamav< 0.98.7+dfsg-1+3
NVDclamav/clamav0.98.6

Also affects: Ubuntu Linux 12.04, 14.04, 14.10, 15.1

Patches

Patch: blog.clamav.netPatch: blog.clamav.net

🔴Vulnerability Details

2
GHSA
GHSA-mp9j-249w-q6hq: ClamAV before 02022-05-17
OSV
CVE-2015-2222: ClamAV before 02015-05-12

📋Vendor Advisories

2
Ubuntu
ClamAV vulnerabilities2015-05-05
Debian
CVE-2015-2222: clamav - ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash...2015

💬Community

1
Bugzilla
CVE-2015-2222 clamav: crash on crafted petite packed file2015-04-29