Debian ClamAV vulnerabilities
167 known vulnerabilities affecting debian/clamav.
Total CVEs: 167
CISA KEV: 0
Public exploits: 8
Exploited in wild: 0
Severity breakdown: CRITICAL 19, HIGH 41, MEDIUM 74, LOW 33
Vulnerabilities
Page 1 of 9
CVE-2025-20260 | CRITICAL | CVSS 9.8 | fixed in clamav 1.0.9+dfsg-1~deb12u1 (bookworm) | 2025
A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit
debian
CVE-2025-20128 | MEDIUM | CVSS 5.3 | fixed in clamav 1.0.9+dfsg-1~deb12u1 (bookworm) | 2025
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by
debian
CVE-2025-20234 | LOW | CVSS 5.3 | fixed in clamav 1.4.3+dfsg-1 (forky) | 2025
CVE-2025-20234 [MEDIUM] CVE-2025-20234: clamav - A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow ...
A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned
debian
CVE-2024-20290 | HIGH | CVSS 7.5 | fixed in clamav 1.0.5+dfsg-1~deb12u1 (bookworm) | 2024
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer over-read. An attacker could exploit this vulnerability by submitting a
debian
CVE-2024-20506 | MEDIUM | CVSS 6.1 | fixed in clamav 1.0.7+dfsg-1~deb12u1 (bookworm) | 2024
A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files. The vulnerability is due to allowing the ClamD pr
debian
CVE-2024-20328 | MEDIUM | CVSS 5.3 | fixed in clamav 1.0.5+dfsg-1~deb12u1 (bookworm) | 2024
A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using
debian
CVE-2024-20505 | MEDIUM | CVSS 4.0 | fixed in clamav 1.0.7+dfsg-1~deb12u1 (bookworm) | 2024
A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerabil
debian
CVE-2024-20380 | LOW | CVSS 7.5 | 2024
CVE-2024-20380 [HIGH] CVE-2024-20380: clamav - A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, rem...
A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on a
debian
CVE-2023-20032 | CRITICAL | CVSS 9.8 | fixed in clamav 1.0.1+dfsg-1 (bookworm) | 2023
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may
debian
CVE-2023-20212 | HIGH | CVSS 7.5 | fixed in clamav 1.0.2+dfsg-1~deb12u1 (bookworm) | 2023
A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error in the memory management of an affected device. An attacker could exploit this vulnerability by submitting a crafted AutoIt file to be scanned by ClamAV on the aff
debian
CVE-2023-20197 | HIGH | CVSS 7.5 | fixed in clamav 1.0.2+dfsg-1~deb12u1 (bookworm) | 2023
A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affec
debian
CVE-2023-20052 | MEDIUM | CVSS 5.3 | fixed in clamav 1.0.1+dfsg-1 (bookworm) | 2023
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity su
debian
CVE-2022-20698 | HIGH | CVSS 7.5 | fixed in clamav 0.103.5+dfsg-1 (bookworm) | 2022
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this v
debian
CVE-2022-20792 | HIGH | CVSS 7.8 | fixed in clamav 0.103.6+dfsg-1 (bookworm) | 2022
A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability is due to improper bounds checking that may result
debian
CVE-2022-20771 | HIGH | CVSS 7.5 | fixed in clamav 0.103.6+dfsg-1 (bookworm) | 2022
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service con
debian
CVE-2022-20785 | HIGH | CVSS 7.5 | fixed in clamav 0.103.6+dfsg-1 (bookworm) | 2022
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service conditi
debian
CVE-2022-20770 | HIGH | CVSS 8.6 | fixed in clamav 0.103.6+dfsg-1 (bookworm) | 2022
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service conditio
debian
CVE-2022-20796 | MEDIUM | CVSS 6.5 | fixed in clamav 0.103.6+dfsg-1 (bookworm) | 2022
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this
debian
CVE-2022-20803 | LOW | CVSS 8.6 | 2022
CVE-2022-20803 [HIGH] CVE-2022-20803: clamav - A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.10...
A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a
debian
CVE-2021-1404 | HIGH | CVSS 7.5 | fixed in clamav 0.103.2+dfsg-1 (bookworm) | 2021
A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by send
debian