CVE-2015-2668Infinite Loop in Clamav

CWE-3996 documents6 sources
Severity
5.0MEDIUMNVD
EPSS
0.8%
top 26.48%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ClamavDebian ClamavCanonical Ubuntu Linux
Timeline
PublishedMay 12
Latest updateMay 17

Description

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

debiandebian/clamav< clamav 0.98.7+dfsg-1 (bookworm)
Debianclamav/clamav< 0.98.7+dfsg-1+3
NVDclamav/clamav0.98.6

Also affects: Ubuntu Linux 12.04, 14.04, 14.10, 15.1

Patches

Patch: blog.clamav.netPatch: blog.clamav.net

🔴Vulnerability Details

2
GHSA
GHSA-hcq6-qrq8-g2hg: ClamAV before 02022-05-17
OSV
CVE-2015-2668: ClamAV before 02015-05-12

📋Vendor Advisories

2
Ubuntu
ClamAV vulnerabilities2015-05-05
Debian
CVE-2015-2668: clamav - ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infin...2015

💬Community

1
Bugzilla
CVE-2015-2668 clamav: Infinite loop condition on a crafted "xz" archive file2015-04-29