Search CVE reports
1 – 10 of 179 results
Fixed 32-bit DMG parser size checks that could let a short mish stripe table pass validation and crash 32-bit scanner builds.
1 affected package
clamav
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| clamav | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Fixed ALZ parser size handling bugs that could cause malformed ALZ archives to panic, abort the scanner, or skip expected scan-limit handling.
1 affected package
clamav
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| clamav | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Fixed a bug in the PESpin unpacker cleanup path that could free pointers into the scanned file buffer and crash the scanner.
1 affected package
clamav
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| clamav | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Fixed an InstallShield archive extraction limit bypass that could write far more temporary data than intended and exhaust temporary storage.
1 affected package
clamav
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| clamav | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Fixed a 7z parser substream count overflow that could under-allocate parser metadata arrays and write past them while reading a malformed archive.
1 affected package
clamav
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| clamav | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Fixed an FSG unpacker loop underflow that could write past the section array while scanning a malformed PE file.
1 affected package
clamav
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| clamav | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
Fixed an integer overflow in PE rebuild size calculations that could be reached through a malformed Aspack-packed PE file and lead to a heap buffer overflow write.
1 affected package
clamav
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| clamav | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
bzip2 contains an off‑by‑one error in the bzip2recover utility. When processing a specially crafted file, the application performs an out‑of‑bounds write to a global buffer, resulting in memory corruption and a crash (denial of...
2 affected packages
bzip2, clamav
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| bzip2 | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation | Needs evaluation |
| clamav | Not affected | Not affected | Not affected | Not affected | Not affected |
Some fixes available 4 of 8
A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper...
1 affected package
clamav
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| clamav | Fixed | Fixed | Fixed | Needs evaluation | Needs evaluation |
ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input...
1 affected package
clamav
| Package | 26.04 LTS | 24.04 LTS | 22.04 LTS | 20.04 LTS | 18.04 LTS |
|---|---|---|---|---|---|
| clamav | — | Not affected | Not affected | Fixed | Fixed |