Debian Clamav vulnerabilities

CVE-2018-0202 [MEDIUM] CVE-2018-0202: clamav - clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an un... clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker

CVE-2018-0361 [LOW] CVE-2018-0361: clamav - ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasona... ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file. Scope: local bookworm: resolved (fixed in 0.100.1+dfsg-1) bullseye: resolved (fixed in 0.100.1+dfsg-1) forky: resolved (fixed in 0.100.1+dfsg-1) sid: resolved (fixed in 0.100.1+dfsg-1) trixie: resolved (fixed in 0.100.1+dfsg-1)

CVE-2017-12377 [CRITICAL] CVE-2017-12377: clamav - ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that... ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A succes

CVE-2017-12379 [CRITICAL] CVE-2017-12379: clamav - ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that... ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. A

CVE-2017-12374 [HIGH] CVE-2017-12374: clamav - The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability ... The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfull

CVE-2017-12380 [HIGH] CVE-2017-12380: clamav - ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that... ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c during certain mail parsing functions of the ClamAV software. An unauthenticated, remote

CVE-2017-12375 [HIGH] CVE-2017-12375: clamav - The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability ... The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, r

CVE-2017-12376 [HIGH] CVE-2017-12376: clamav - ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that... ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to

CVE-2017-6420 [MEDIUM] CVE-2017-6420: clamav - The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote att... The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. Scope: local bookworm: resolved (fixed in 0.99.3~beta1+dfsg-1) bullseye: resolved (fixed in 0.99.3~beta1+dfsg-1) forky: resolved (fixed in 0.99.3~beta1+dfsg-1) sid: resolved (fixed in 0.99.

CVE-2017-6418 [MEDIUM] CVE-2017-6418: clamav - libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial o... libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. Scope: local bookworm: resolved (fixed in 0.99.3~beta1+dfsg-1) bullseye: resolved (fixed in 0.99.3~beta1+dfsg-1) forky: resolved (fixed in 0.99.3~beta1+dfsg-1) sid: resolved (fixed in 0.99.3~beta1+dfsg-1) trixie: resolved (fixed

CVE-2017-12378 [MEDIUM] CVE-2017-12378: clamav - ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that... ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a chec

CVE-2017-11423 [MEDIUM] CVE-2017-11423: clamav - The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in... The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. Scope: local bookworm: resolved (fixed in 0.99.3~beta1+dfsg-1) bullseye: resolved (fixed in 0.99.3~beta1+dfsg-1) forky: re

CVE-2017-6419 [HIGH] CVE-2017-6419: clamav - mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote att... mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. Scope: local bookworm: resolved (fixed in 0.99.3~beta1+dfsg-1) bullseye: resolved (fixed in 0.99.3~beta1+dfsg-1) forky: resolved (fixed in

CVE-2016-1405 [HIGH] CVE-2016-1405: clamav - libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection... libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60

CVE-2016-1372 [MEDIUM] CVE-2016-1372: clamav - ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a den... ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. Scope: local bookworm: resolved (fixed in 0.99.2+dfsg-1) bullseye: resolved (fixed in 0.99.2+dfsg-1) forky: resolved (fixed in 0.99.2+dfsg-1) sid: resolved (fixed in 0.99.2+dfsg-1) trixie: resolved (fixed in 0.99.2+dfsg-1)

CVE-2016-1371 [MEDIUM] CVE-2016-1371: clamav - ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a den... ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. Scope: local bookworm: resolved (fixed in 0.99.2+dfsg-1) bullseye: resolved (fixed in 0.99.2+dfsg-1) forky: resolved (fixed in 0.99.2+dfsg-1) sid: resolved (fixed in 0.99.2+dfsg-1) trixie: resolved (fixed in 0.99.2+df

CVE-2015-1461 [HIGH] CVE-2015-1461: clamav - ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a cr... ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition." Scope: local bookworm: resolved (fixed in 0.98.6+dfsg-1) bullseye: resolved (fixed in 0.98.6+dfsg-1) forky: resolved (fixed in 0.98.6+dfsg-1) sid: resolved (fixed in 0.98.6+dfsg-1) trixie: resolved

CVE-2015-1462 [HIGH] CVE-2015-1462: clamav - ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a cr... ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition." Scope: local bookworm: resolved (fixed in 0.98.6+dfsg-1) bullseye: resolved (fixed in 0.98.6+dfsg-1) forky: resolved (fixed in 0.98.6+dfsg-1) sid: resolved (fixed in 0.98.6+dfsg-1) trixie: resolved (fixed in 0.98.6+dfsg-1)

CVE-2015-2221 [MEDIUM] CVE-2015-2221: clamav - ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infin... ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. Scope: local bookworm: resolved (fixed in 0.98.7+dfsg-1) bullseye: resolved (fixed in 0.98.7+dfsg-1) forky: resolved (fixed in 0.98.7+dfsg-1) sid: resolved (fixed in 0.98.7+dfsg-1) trixie: resolved (fixed in 0.98.7+dfsg-1)

CVE-2015-2222 [MEDIUM] CVE-2015-2222: clamav - ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash... ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. Scope: local bookworm: resolved (fixed in 0.98.7+dfsg-1) bullseye: resolved (fixed in 0.98.7+dfsg-1) forky: resolved (fixed in 0.98.7+dfsg-1) sid: resolved (fixed in 0.98.7+dfsg-1) trixie: resolved (fixed in 0.98.7+dfsg-1)