clamav (SUSE:Linux Enterprise Server 12 SP3) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Linux Enterprise Server 12 SP3 package clamav, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (24)
CVE-2017-12377 — CVSS 9.8 (critical): ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a…
CVE-2017-12379 — CVSS 9.8 (critical): ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a…
CVE-2012-6706 — CVSS 9.8 (critical): A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and…
CVE-2018-14682 — CVSS 8.8 (high): An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM…
CVE-2018-14681 — CVSS 8.8 (high): An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a…
CVE-2017-6419 — CVSS 7.8 (high): mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer…
CVE-2017-12376 — CVSS 7.8 (high): ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a…
CVE-2019-1789 — CVSS 7.5 (high): ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur…
CVE-2017-12374 — CVSS 7.5 (high): The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to…
CVE-2017-12375 — CVSS 7.5 (high): The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to…
CVE-2017-12380 — CVSS 7.5 (high): ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a…
CVE-2018-14680 — CVSS 6.5 (medium): An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
CVE-2018-14679 — CVSS 6.5 (medium): An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the CHM PMGI/PMGL chunk number…
CVE-2018-0360 — CVSS 5.5 (medium): ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in…
CVE-2018-1000085 — CVSS 5.5 (medium): ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can…
CVE-2017-11423 — CVSS 5.5 (medium): The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers…
CVE-2018-0202 — CVSS 5.5 (medium): clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service…
CVE-2017-6420 — CVSS 5.5 (medium): The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a…
CVE-2017-6418 — CVSS 5.5 (medium): libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message.
CVE-2017-12378 — CVSS 5.5 (medium): ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a…
CVE-2018-15378 — CVSS 5.5 (medium): A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability…
CVE-2019-1787 — CVSS 5.5 (medium): A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior…
CVE-2019-1788 — CVSS 5.5 (medium): A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1…
CVE-2018-0361 — CVSS 3.3 (low): ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.