The Vigil@nce team watches public vulnerabilities impacting your computers, and then offers security solutions, a database and tools to fix them.

Computer vulnerabilities of ClamAV

vulnerability bulletin CVE-2018-0202 CVE-2018-1000085

ClamAV: vulnerability

Synthesis of the vulnerability

A vulnerability of ClamAV was announced.
Impacted products: SNS, ClamAV, Debian, NETASQ, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: unknown consequence, administrator access/rights, privileged access/rights, user access/rights, client access/rights, data reading, data creation/edition, data deletion, data flow, denial of service on server, denial of service on service, denial of service on client, disguisement.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 02/03/2018.
Identifiers: CVE-2018-0202, CVE-2018-1000085, DLA-1307-1, openSUSE-SU-2018:0825-1, openSUSE-SU-2018:2406-1, STORM-2018-003, SUSE-SU-2018:0809-1, SUSE-SU-2018:0863-1, SUSE-SU-2018:2323-1, USN-3592-1, USN-3592-2, VIGILANCE-VUL-25413.

Description of the vulnerability

A vulnerability of ClamAV was announced.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-12374 CVE-2017-12375 CVE-2017-12376

ClamAV: seven vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ClamAV.
Impacted products: SNS, ClamAV, Debian, Fedora, NETASQ, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: privileged access/rights, user access/rights, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 7.
Creation date: 26/01/2018.
Identifiers: CVE-2017-12374, CVE-2017-12375, CVE-2017-12376, CVE-2017-12377, CVE-2017-12378, CVE-2017-12379, CVE-2017-12380, DLA-1261-1, FEDORA-2018-958b22c73f, openSUSE-SU-2018:0258-1, STORM-2018-002, SUSE-SU-2018:0254-1, SUSE-SU-2018:0255-1, USN-3550-1, USN-3550-2, VIGILANCE-VUL-25165.

Description of the vulnerability

An attacker can use several vulnerabilities of ClamAV.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin 23983

ClamAV: out-of-bounds memory reading via xar

Synthesis of the vulnerability

An attacker can force a read at an invalid address via xar of ClamAV, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: ClamAV.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 29/09/2017.
Identifiers: VIGILANCE-VUL-23983.

Description of the vulnerability

An attacker can force a read at an invalid address via xar of ClamAV, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2017-11423

libmspack: denial of service via CAB

Synthesis of the vulnerability

An attacker can generate a fatal error via CAB of libmspack, in order to trigger a denial of service.
Impacted products: SNS, ClamAV, Debian, Fedora, NETASQ, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: denial of service on service, denial of service on client.
Provenance: document.
Creation date: 18/08/2017.
Identifiers: CVE-2017-11423, DLA-1279-1, DSA-3946-1, FEDORA-2017-982bfabc4e, FEDORA-2017-b97f9d82dc, openSUSE-SU-2018:0258-1, openSUSE-SU-2018:0825-1, STORM-2018-003, SUSE-SU-2018:0254-1, SUSE-SU-2018:0255-1, SUSE-SU-2018:0809-1, SUSE-SU-2018:0863-1, USN-3394-1, VIGILANCE-VUL-23563.

Description of the vulnerability

An attacker can generate a fatal error via CAB of libmspack, in order to trigger a denial of service.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability alert CVE-2017-6420

ClamAV: use after free via wwunpack

Synthesis of the vulnerability

An attacker can force the usage of a freed memory area via wwunpack() of ClamAV, in order to trigger a denial of service, and possibly to run code.
Impacted products: ClamAV, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 07/08/2017.
Identifiers: CVE-2017-6420, DLA-1105-1, FEDORA-2018-2a1f469c85, FEDORA-2018-958b22c73f, FEDORA-2018-a86bad9689, FEDORA-2018-cb339851e7, openSUSE-SU-2018:0258-1, SUSE-SU-2018:0254-1, SUSE-SU-2018:0255-1, USN-3393-1, USN-3393-2, VIGILANCE-VUL-23456.

Description of the vulnerability

An attacker can force the usage of a freed memory area via wwunpack() of ClamAV, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

computer vulnerability CVE-2017-6419

ClamAV: buffer overflow via mspack/lzxd.c

Synthesis of the vulnerability

An attacker can generate a buffer overflow via mspack/lzxd.c of ClamAV, in order to trigger a denial of service, and possibly to run code.
Impacted products: SNS, ClamAV, Debian, Fedora, NETASQ, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 3/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 07/08/2017.
Identifiers: CVE-2017-6419, DLA-1279-1, DSA-3946-1, FEDORA-2017-982bfabc4e, FEDORA-2017-b97f9d82dc, FEDORA-2018-958b22c73f, FEDORA-2018-cb339851e7, openSUSE-SU-2018:0258-1, openSUSE-SU-2018:0825-1, STORM-2018-003, SUSE-SU-2018:0254-1, SUSE-SU-2018:0255-1, SUSE-SU-2018:0809-1, SUSE-SU-2018:0863-1, USN-3393-1, USN-3393-2, USN-3394-1, VIGILANCE-VUL-23455.

Description of the vulnerability

An attacker can generate a buffer overflow via mspack/lzxd.c of ClamAV, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2017-6418

ClamAV: out-of-bounds memory reading via libclamav/message.c

Synthesis of the vulnerability

An attacker can force a read at an invalid address via libclamav/message.c of ClamAV, in order to trigger a denial of service, or to obtain sensitive information.
Impacted products: ClamAV, Debian, Fedora, openSUSE Leap, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: data reading, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 07/08/2017.
Identifiers: CVE-2017-6418, DLA-1105-1, FEDORA-2018-2a1f469c85, FEDORA-2018-958b22c73f, FEDORA-2018-a86bad9689, FEDORA-2018-cb339851e7, openSUSE-SU-2018:0258-1, SUSE-SU-2018:0254-1, SUSE-SU-2018:0255-1, USN-3393-1, USN-3393-2, VIGILANCE-VUL-23454.

Description of the vulnerability

An attacker can force a read at an invalid address via libclamav/message.c of ClamAV, in order to trigger a denial of service, or to obtain sensitive information.
Full Vigil@nce bulletin... (Free trial)

vulnerability bulletin CVE-2012-6706

unrar: memory corruption via VMSF_DELTA

Synthesis of the vulnerability

An attacker can generate a memory corruption via VMSF_DELTA of unrar, in order to trigger a denial of service, and possibly to run code.
Impacted products: SNS, ClamAV, Debian, McAfee Web Gateway, NETASQ, openSUSE Leap, Solaris, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Creation date: 23/06/2017.
Identifiers: bulletinjul2017, CERTFR-2017-AVI-238, CVE-2012-6706, DLA-1003-1, openSUSE-SU-2017:1658-1, openSUSE-SU-2017:1797-1, openSUSE-SU-2018:0825-1, SB10205, STORM-2018-003, SUSE-SU-2017:1716-1, SUSE-SU-2017:1745-1, SUSE-SU-2017:1760-1, SUSE-SU-2018:0809-1, SUSE-SU-2018:0863-1, VIGILANCE-VUL-23073.

Description of the vulnerability

An attacker can generate a memory corruption via VMSF_DELTA of unrar, in order to trigger a denial of service, and possibly to run code.
Full Vigil@nce bulletin... (Free trial)

vulnerability note CVE-2016-1371 CVE-2016-1372

ClamAV: multiple vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ClamAV.
Impacted products: SNS, ClamAV, Debian, Ubuntu.
Severity: 2/4.
Consequences: privileged access/rights, denial of service on service.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 12/08/2016.
Identifiers: CVE-2016-1371, CVE-2016-1372, DLA-546-1, DLA-546-2, STORM-2016-003, STORM-2016-004, USN-3093-1, VIGILANCE-VUL-20374.

Description of the vulnerability

Several vulnerabilities were announced in ClamAV.

An attacker can send an ill formed executable file, in order to trigger a denial of service. [severity:2/4; CVE-2016-1371]

An attacker can submit an ill formed 7zip archive, in order to trigger a denial of service and possibly run machine code. [severity:2/4; CVE-2016-1372]
Full Vigil@nce bulletin... (Free trial)

computer vulnerability note CVE-2015-2170 CVE-2015-2221 CVE-2015-2222

ClamAV: eight vulnerabilities

Synthesis of the vulnerability

An attacker can use several vulnerabilities of ClamAV.
Impacted products: ClamAV, Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Ubuntu.
Severity: 2/4.
Consequences: user access/rights, denial of service on service, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 8.
Creation date: 29/04/2015.
Identifiers: CERTFR-2015-AVI-199, CVE-2015-2170, CVE-2015-2221, CVE-2015-2222, CVE-2015-2305, CVE-2015-2668, FEDORA-2015-7334, FEDORA-2015-7378, MDVSA-2015:221, openSUSE-SU-2015:0906-1, SUSE-SU-2016:1638-1, USN-2594-1, VIGILANCE-VUL-16759.

Description of the vulnerability

Several vulnerabilities were announced in ClamAV.

An attacker can generate an infinite loop with a y0da file, in order to trigger a denial of service. [severity:2/4; CVE-2015-2221]

An attacker can use a Petite Packed file, in order to trigger a denial of service. [severity:2/4; CVE-2015-2222]

An attacker can use a Upack Packed file, in order to trigger a denial of service. [severity:2/4]

An attacker can use a PE file, in order to trigger a denial of service. [severity:2/4]

An attacker can generate an infinite loop with an xz file, in order to trigger a denial of service. [severity:2/4; CVE-2015-2668]

An attacker can generate a buffer overflow in the regcomp() function of Henry Spencer regex, in order to trigger a denial of service, and possibly to execute code (VIGILANCE-VUL-16412). [severity:2/4; CVE-2015-2305]

An attacker can use an upx file, in order to trigger a denial of service. [severity:2/4; CVE-2015-2170]

An attacker can use an HTML file, in order to trigger a denial of service. [severity:2/4]
Full Vigil@nce bulletin... (Free trial)
Our database contains other pages. You can request a free trial to read them.

Display information about ClamAV: