Information on source package clamav

Available versions

ReleaseVersion
jessie0.100.0+dfsg-0+deb8u1
jessie (security)0.100.1+dfsg-0+deb8u1
stretch0.100.0+dfsg-0+deb9u2
buster0.100.2+dfsg-1
sid0.100.2+dfsg-1

Open issues

BugjessiestretchbustersidDescription
CVE-2018-15378vulnerablevulnerable (no DSA)fixedfixedA vulnerability in ClamAV versions prior to 0.100.2 could allow an ...
CVE-2018-0361fixedvulnerable (no DSA)fixedfixedClamAV before 0.100.1 lacks a PDF object length check, resulting in an ...
CVE-2018-0360fixedvulnerable (no DSA)fixedfixedClamAV before 0.100.1 has an HWP integer overflow with a resultant ...

Resolved issues

BugDescription
TEMP-0535881-957F77clamav scanner bypass with archives
TEMP-0000000-DD8D83crash during algorithmic detection on crafted PE file
TEMP-0000000-DAE756clamav: DoS through multiple empty Content-Disposition header lines
TEMP-0000000-84AA65DoS against clamav through infinite loop in cli_rmdirs
TEMP-0000000-604AC4crashes on crafted upack packed file
CVE-2018-1000085ClamAV version version 0.99.3 contains a Out of bounds heap memory ...
CVE-2018-0202clamscan in ClamAV before 0.99.4 contains a vulnerability that could ...
CVE-2017-6420The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows ...
CVE-2017-6419mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows ...
CVE-2017-6418libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a ...
CVE-2017-12380ClamAV AntiVirus software versions 0.99.2 and prior contain a ...
CVE-2017-12379ClamAV AntiVirus software versions 0.99.2 and prior contain a ...
CVE-2017-12378ClamAV AntiVirus software versions 0.99.2 and prior contain a ...
CVE-2017-12377ClamAV AntiVirus software versions 0.99.2 and prior contain a ...
CVE-2017-12376ClamAV AntiVirus software versions 0.99.2 and prior contain a ...
CVE-2017-12375The ClamAV AntiVirus software versions 0.99.2 and prior contain a ...
CVE-2017-12374The ClamAV AntiVirus software versions 0.99.2 and prior contain a ...
CVE-2017-11423The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, ...
CVE-2016-1405libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware ...
CVE-2016-1372ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to ...
CVE-2016-1371ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to ...
CVE-2015-2668ClamAV before 0.98.7 allows remote attackers to cause a denial of ...
CVE-2015-2305Integer overflow in the regcomp implementation in the Henry Spencer ...
CVE-2015-2222ClamAV before 0.98.7 allows remote attackers to cause a denial of ...
CVE-2015-2221ClamAV before 0.98.7 allows remote attackers to cause a denial of ...
CVE-2015-2170The upx decoder in ClamAV before 0.98.7 allows remote attackers to ...
CVE-2015-1463ClamAV before 0.98.6 allows remote attackers to cause a denial of ...
CVE-2015-1462ClamAV before 0.98.6 allows remote attackers to have unspecified ...
CVE-2015-1461ClamAV before 0.98.6 allows remote attackers to have unspecified ...
CVE-2014-9328ClamAV before 0.98.6 allows remote attackers to have unspecified ...
CVE-2014-9050Heap-based buffer overflow in the cli_scanpe function in ...
CVE-2013-7089dbg_printhex possible information leak
CVE-2013-7088buffer overflow
CVE-2013-7087[clamav: WWPack corrupt heap memory
CVE-2013-6497clamscan in ClamAV before 0.98.5, when using -a option, allows remote ...
CVE-2013-2021pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause ...
CVE-2013-2020Integer underflow in the cli_scanpe function in pe.c in ClamAV before ...
CVE-2012-1459The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, ...
CVE-2012-1458The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus ...
CVE-2012-1457The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK ...
CVE-2012-1419The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat ...
CVE-2011-3627The bytecode engine in ClamAV before 0.97.3 allows remote attackers to ...
CVE-2011-2721Off-by-one error in the cli_hm_scan function in matcher-hash.c in ...
CVE-2011-1003Double free vulnerability in the vba_read_project_strings function in ...
CVE-2010-4479Unspecified vulnerability in pdf.c in libclamav in ClamAV before ...
CVE-2010-4261Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ...
CVE-2010-4260Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV ...
CVE-2010-3434Buffer overflow in the find_stream_bounds function in pdf.c in ...
CVE-2010-1640Off-by-one error in the parseicon function in libclamav/pe_icons.c in ...
CVE-2010-1639The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows ...
CVE-2010-1311The qtm_decompress function in libclamav/mspack.c in ClamAV before ...
CVE-2010-0405Integer overflow in the BZ2_decompress function in decompress.c in ...
CVE-2010-0098ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z ...
CVE-2010-0058freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update ...
CVE-2009-3736ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as ...
CVE-2009-1601The Ubuntu clamav-milter.init script in clamav-milter before ...
CVE-2009-1372Stack-based buffer overflow in the cli_url_canon function in ...
CVE-2009-1371The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before ...
CVE-2009-1270libclamav/untar.c in ClamAV before 0.95 allows remote attackers to ...
CVE-2009-1241Unspecified vulnerability in ClamAV before 0.95 allows remote ...
CVE-2008-6845The unpack feature in ClamAV 0.93.3 and earlier allows remote ...
CVE-2008-6680libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause ...
CVE-2008-5525ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is ...
CVE-2008-5314Stack consumption vulnerability in libclamav/special.c in ClamAV ...
CVE-2008-5050Off-by-one error in the get_unicode_name function ...
CVE-2008-3914Multiple unspecified vulnerabilities in ClamAV before 0.94 have ...
CVE-2008-3913Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 ...
CVE-2008-3912libclamav in ClamAV before 0.94 allows attackers to cause a denial of ...
CVE-2008-3215libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to ...
CVE-2008-2713libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to ...
CVE-2008-1837libclamunrar in ClamAV before 0.93 allows remote attackers to cause a ...
CVE-2008-1836The rfc2231 function in message.c in libclamav in ClamAV before 0.93 ...
CVE-2008-1835ClamAV before 0.93 allows remote attackers to bypass the scanning ...
CVE-2008-1833Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 ...
CVE-2008-1389libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows ...
CVE-2008-1387ClamAV before 0.93 allows remote attackers to cause a denial of ...
CVE-2008-1100Buffer overflow in the cli_scanpe function in libclamav ...
CVE-2008-0728The unmew11 function in libclamav/mew.c in libclamav in ClamAV before ...
CVE-2008-0318Integer overflow in the cli_scanpe function in libclamav in ClamAV ...
CVE-2008-0314Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 ...
CVE-2007-6745clamav floating point exception in OLE2 scanner DoS
CVE-2007-6596ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows ...
CVE-2007-6595ClamAV 0.92 allows local users to overwrite arbitrary files via a ...
CVE-2007-6337Unspecified vulnerability in the bzip2 decompression algorithm in ...
CVE-2007-6336Off-by-one error in ClamAV before 0.92 allows remote attackers to ...
CVE-2007-6335Integer overflow in libclamav in ClamAV before 0.92 allows remote ...
CVE-2007-4560clamav-milter in ClamAV before 0.91.2, when run in black hole mode, ...
CVE-2007-4510ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and ...
CVE-2007-3725The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows ...
CVE-2007-3123unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...
CVE-2007-3122The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...
CVE-2007-3025Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before ...
CVE-2007-3024libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 ...
CVE-2007-3023unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not ...
CVE-2007-2650The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to ...
CVE-2007-2029File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) ...
CVE-2007-1997Integer signedness error in the (1) cab_unstore and (2) cab_extract ...
CVE-2007-1745The chm_decompress_stream function in libclamav/chmunpack.c in Clam ...
CVE-2007-0899Possible heap overflow in libclamav/fsg.c
CVE-2007-0898Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before ...
CVE-2007-0897Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under ...
CVE-2006-6481Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a ...
CVE-2006-6406Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus ...
CVE-2006-5874Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to ...
CVE-2006-5295Unspecified vulnerability in ClamAV before 0.88.5 allows remote ...
CVE-2006-4182Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions ...
CVE-2006-4018Heap-based buffer overflow in the pefromupx function in ...
CVE-2006-2427freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h ...
CVE-2006-1989Buffer overflow in the get_database function in the HTTP client in ...
CVE-2006-1630The cli_bitset_set function in libclamav/others.c in Clam AntiVirus ...
CVE-2006-1615Multiple format string vulnerabilities in the logging code in Clam ...
CVE-2006-1614Integer overflow in the cli_scanpe function in the PE header parser ...
CVE-2006-0162Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus ...
CVE-2005-3587Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before ...
CVE-2005-3501The cabd_find function in cabd.c of the libmspack library (mspack) for ...
CVE-2005-3500The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) ...
CVE-2005-3303The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 ...
CVE-2005-3239The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows ...
CVE-2005-3229Multiple interpretation error in unspecified versions of ClamAV ...
CVE-2005-2920Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before ...
CVE-2005-2919libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote ...
CVE-2005-2450Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file ...
CVE-2005-2070The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used ...
CVE-2005-2056The Quantum archive decompressor in Clam AntiVirus (ClamAV) before ...
CVE-2005-1923The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, ...
CVE-2005-1922The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 ...
CVE-2005-0218ClamAV 0.80 and earlier allows remote attackers to bypass virus ...
CVE-2005-0133ClamAV 0.80 and earlier allows remote attackers to cause a denial of ...
CVE-2004-1909Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to ...
CVE-2004-1876The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon ...
CVE-2004-0270libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a ...
CVE-2003-0946Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 ...

Security announcements

DSA / DLADescription
DLA-1461-1clamav - security update
DLA-1307-1clamav - security update
DLA-1279-1clamav - security update
DLA-1261-1clamav - security update
DLA-1105-1clamav - security update
DLA-546-1clamav - security update
DLA-437-1clamav - security update
DLA-233-1clamav - security update
DLA-95-1clamav - security update
DSA-1771-1clamav - several vulnerabilities
DSA-1771-1clamav - several vulnerabilities
DSA-1680-1clamav - potential code execution
DSA-1660-1clamav - denial of service
DSA-1616-2clamav - denial of service
DSA-1549-1clamav
DSA-1497-1clamav - several vulnerabilities
DSA-1435-1clamav
DSA-1366-1clamav
DSA-1340-1clamav - null pointer dereference
DSA-1320-1clamav
DSA-1320-1clamav
DSA-1281-1clamav - several vulnerabilities
DSA-1281-1clamav - several vulnerabilities
DSA-1263-1clamav
DSA-1238-1clamav
DSA-1232-1clamav
DSA-1196-1clamav
DSA-1153clamav - buffer overflow
DSA-1050-1clamav - buffer overflow
DSA-1024-1clamav - heap overflow
DSA-947-1clamav - heap overflow
DSA-887-1clamav - several
DSA-824-1clamav - infinite loop, buffer overflow
DSA-776-1clamav - integer overflows, infinite loop
DSA-737-1clamav - various DOS vulnerabilities

Search for package or bug name: Reporting problems