The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of Clam AntiVirus

vulnerability announce CVE-2018-15378

ClamAV: denial of service via MEW Unpacking

Synthesis of the vulnerability

An attacker can generate a fatal error via MEW Unpacking of ClamAV, in order to trigger a denial of service.
Impacted products: ClamAV, Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service.
Provenance: document.
Creation date: 04/10/2018.
Identifiers: CVE-2018-15378, DLA-1553-1, openSUSE-SU-2018:3315-1, openSUSE-SU-2018:3505-1, SUSE-SU-2018:3250-1, SUSE-SU-2018:3436-1, SUSE-SU-2018:3441-1, USN-3789-1, USN-3789-2, VIGILANCE-VUL-27412.

Description of the vulnerability

An attacker can generate a fatal error via MEW Unpacking of ClamAV, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-14682

libmspack: buffer overflow via TOLOWER

Synthesis of the vulnerability

An attacker can generate a buffer overflow via TOLOWER() of libmspack, in order to trigger a denial of service, and possibly to run code.
Impacted products: ClamAV, Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/08/2018.
Identifiers: CVE-2018-14682, DLA-1460-1, DSA-4260-1, FEDORA-2018-a5953af115, FEDORA-2018-c73d257297, FEDORA-2018-cb337fb199, openSUSE-SU-2018:3315-1, openSUSE-SU-2018:3505-1, RHSA-2018:3327-01, SUSE-SU-2018:3250-1, SUSE-SU-2018:3436-1, SUSE-SU-2018:3441-1, USN-3728-1, USN-3728-2, USN-3728-3, USN-3789-2, VIGILANCE-VUL-26893.

Description of the vulnerability

An attacker can generate a buffer overflow via TOLOWER() of libmspack, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability announce CVE-2018-14681

libmspack: memory corruption via kwajd_read_headers

Synthesis of the vulnerability

An attacker can generate a memory corruption via kwajd_read_headers() of libmspack, in order to trigger a denial of service, and possibly to run code.
Impacted products: ClamAV, Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/08/2018.
Identifiers: CVE-2018-14681, DLA-1460-1, DSA-4260-1, FEDORA-2018-a5953af115, FEDORA-2018-c73d257297, FEDORA-2018-cb337fb199, openSUSE-SU-2018:3315-1, openSUSE-SU-2018:3505-1, RHSA-2018:3327-01, SUSE-SU-2018:3250-1, SUSE-SU-2018:3436-1, SUSE-SU-2018:3441-1, USN-3728-1, USN-3728-2, USN-3728-3, USN-3789-2, VIGILANCE-VUL-26892.

Description of the vulnerability

An attacker can generate a memory corruption via kwajd_read_headers() of libmspack, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability alert CVE-2018-14680

libmspack: denial of service via Blank CHM

Synthesis of the vulnerability

An attacker can generate a fatal error via Blank CHM of libmspack, in order to trigger a denial of service.
Impacted products: ClamAV, Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/08/2018.
Identifiers: CVE-2018-14680, DLA-1460-1, DSA-4260-1, FEDORA-2018-a5953af115, FEDORA-2018-c73d257297, FEDORA-2018-cb337fb199, openSUSE-SU-2018:3315-1, openSUSE-SU-2018:3505-1, RHSA-2018:3327-01, SUSE-SU-2018:3250-1, SUSE-SU-2018:3436-1, SUSE-SU-2018:3441-1, USN-3728-1, USN-3728-2, USN-3728-3, USN-3789-2, VIGILANCE-VUL-26891.

Description of the vulnerability

An attacker can generate a fatal error via Blank CHM of libmspack, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability CVE-2018-14679

libmspack: out-of-bounds memory reading via CHM PMGI/PMGL Chunk Number

Synthesis of the vulnerability

An attacker can force a read at an invalid address via CHM PMGI/PMGL Chunk Number of libmspack, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: ClamAV, Debian, Fedora, openSUSE Leap, RHEL, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 02/08/2018.
Identifiers: CVE-2018-14679, DLA-1460-1, DSA-4260-1, FEDORA-2018-ddda173f56, FEDORA-2018-e1adecd46c, openSUSE-SU-2018:2406-1, RHSA-2018:3327-01, SUSE-SU-2018:2323-1, USN-3728-1, USN-3728-2, USN-3728-3, USN-3789-2, VIGILANCE-VUL-26890.

Description of the vulnerability

An attacker can force a read at an invalid address via CHM PMGI/PMGL Chunk Number of libmspack, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2018-0361

ClamAV: denial of service via PDF Object Length

Synthesis of the vulnerability

An attacker can generate a fatal error via PDF Object Length of ClamAV, in order to trigger a denial of service.
Impacted products: ClamAV, Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 10/07/2018.
Identifiers: CVE-2018-0361, DLA-1461-1, openSUSE-SU-2018:2259-1, openSUSE-SU-2018:2406-1, SUSE-SU-2018:2230-1, SUSE-SU-2018:2232-1, SUSE-SU-2018:2323-1, USN-3722-1, USN-3722-2, USN-3722-3, USN-3722-4, USN-3722-5, USN-3722-6, VIGILANCE-VUL-26664.

Description of the vulnerability

An attacker can generate a fatal error via PDF Object Length of ClamAV, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-0360

ClamAV: infinite loop via HWP

Synthesis of the vulnerability

An attacker can generate an infinite loop via HWP of ClamAV, in order to trigger a denial of service.
Impacted products: ClamAV, Debian, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on server, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 10/07/2018.
Identifiers: CVE-2018-0360, DLA-1461-1, openSUSE-SU-2018:2259-1, openSUSE-SU-2018:2406-1, SUSE-SU-2018:2230-1, SUSE-SU-2018:2232-1, SUSE-SU-2018:2323-1, USN-3722-1, USN-3722-2, USN-3722-3, USN-3722-4, USN-3722-5, USN-3722-6, VIGILANCE-VUL-26663.

Description of the vulnerability

An attacker can generate an infinite loop via HWP of ClamAV, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2018-0202 CVE-2018-1000085

ClamAV: vulnerability

Synthesis of the vulnerability

A vulnerability of ClamAV was announced.
Impacted products: SNS, ClamAV, Debian, NETASQ, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 02/03/2018.
Identifiers: CVE-2018-0202, CVE-2018-1000085, DLA-1307-1, openSUSE-SU-2018:0825-1, openSUSE-SU-2018:2406-1, STORM-2018-003, SUSE-SU-2018:0809-1, SUSE-SU-2018:0863-1, SUSE-SU-2018:2323-1, USN-3592-1, USN-3592-2, VIGILANCE-VUL-25413.

Description of the vulnerability

A vulnerability of ClamAV was announced.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-12374 CVE-2017-12375 CVE-2017-12376

ClamAV: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ClamAV.
Impacted products: SNS, ClamAV, Debian, Fedora, NETASQ, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 26/01/2018.
Identifiers: CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377, CVE-2017-12378, CVE-2017-12379, CVE-2017-12380, DLA-1261-1, FEDORA-2018-958b22c73f, openSUSE-SU-2018:0258-1, STORM-2018-002, SUSE-SU-2018:0254-1, SUSE-SU-2018:0255-1, USN-3550-1, USN-3550-2, VIGILANCE-VUL-25165.

Description of the vulnerability

An attacker can use several vulnerabilities of ClamAV.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin 23983

ClamAV: out-of-bounds memory reading via xar

Synthesis of the vulnerability

An attacker can force a read at an invalid address via xar of ClamAV, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: ClamAV.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 29/09/2017.
Identifiers: VIGILANCE-VUL-23983.

Description of the vulnerability

An attacker can force a read at an invalid address via xar of ClamAV, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about Clam AntiVirus: