CVE-2016-1372Improper Access Control in Clamav

CWE-284Improper Access Control6 documents6 sources
Severity
5.5MEDIUMNVD
EPSS
0.5%
top 33.37%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
ClamavDebian ClamavCanonical Ubuntu Linux
Timeline
PublishedOct 3
Latest updateMay 17

Description

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file.

CVSS vector

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 1.8 | Impact: 3.6

Affected Packages3 packages

debiandebian/clamav< clamav 0.99.2+dfsg-1 (bookworm)
Debianclamav/clamav< 0.99.2+dfsg-1+3
NVDclamav/clamav0.99.1

Also affects: Ubuntu Linux 12.04, 14.04, 16.04

🔴Vulnerability Details

2
GHSA
GHSA-87jf-wcch-mpm4: ClamAV (aka Clam AntiVirus) before 02022-05-17
OSV
CVE-2016-1372: ClamAV (aka Clam AntiVirus) before 02016-10-03

📋Vendor Advisories

2
Ubuntu
ClamAV vulnerabilities2016-09-28
Debian
CVE-2016-1372: clamav - ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a den...2016

💬Community

1
Bugzilla
CVE-2016-1372 clamav: Multiple vulnerabilities when processing crafted 7z files2016-06-14