Information on source package clamav

Available versions

Release            Version
jessie             0.100.0+dfsg-0+deb8u1
jessie (security)  0.100.3+dfsg-0+deb8u1
stretch            0.100.3+dfsg-0+deb9u1
buster             0.101.2+dfsg-1
bullseye           0.101.2+dfsg-3
sid                0.101.2+dfsg-3

Open issues

Bug                  jessie      stretch              buster               bullseye    sid         Description
TEMP-0934359-6122FA  vulnerable  vulnerable (no DSA)  vulnerable (no DSA)  vulnerable  vulnerable  clamav zip DoS

Resolved issues

Bug                  Description
TEMP-0535881-957F77  clamav scanner bypass with archives
TEMP-0000000-DD8D83  crash during algorithmic detection on crafted PE file
TEMP-0000000-DAE756  clamav: DoS through multiple empty Content-Disposition header lines
TEMP-0000000-84AA65  DoS against clamav through infinite loop in cli_rmdirs
TEMP-0000000-604AC4  crashes on crafted upack packed file
CVE-2019-1798        A vulnerability in the Portable Executable (PE) file scanning function ...
CVE-2019-1789        An out-of-bounds heap read condition when scanning PE files
CVE-2019-1788        A vulnerability in the Object Linking & Embedding (OLE2) file scan ...
CVE-2019-1787        A vulnerability in the Portable Document Format (PDF) scanning functio ...
CVE-2019-1786        A vulnerability in the Portable Document Format (PDF) scanning functio ...
CVE-2019-1785        A vulnerability in the RAR file scanning functionality of Clam AntiVir ...
CVE-2018-15378       A vulnerability in ClamAV versions prior to 0.100.2 could allow an att ...
CVE-2018-1000085     ClamAV version version 0.99.3 contains a Out of bounds heap memory rea ...
CVE-2018-0361        ClamAV before 0.100.1 lacks a PDF object length check, resulting in an ...
CVE-2018-0360        ClamAV before 0.100.1 has an HWP integer overflow with a resultant inf ...
CVE-2018-0202        clamscan in ClamAV before 0.99.4 contains a vulnerability that could a ...
CVE-2017-6420        The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows ...
CVE-2017-6419        mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows ...
CVE-2017-6418        libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause ...
CVE-2017-12380       ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerab ...
CVE-2017-12379       ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerab ...
CVE-2017-12378       ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerab ...
CVE-2017-12377       ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerab ...
CVE-2017-12376       ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerab ...
CVE-2017-12375       The ClamAV AntiVirus software versions 0.99.2 and prior contain a vuln ...
CVE-2017-12374       The ClamAV AntiVirus software versions 0.99.2 and prior contain a vuln ...
CVE-2017-11423       The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, ...
CVE-2016-1405        libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware ...
CVE-2016-1372        ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to c ...
CVE-2016-1371        ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to c ...
CVE-2015-2668        ClamAV before 0.98.7 allows remote attackers to cause a denial of serv ...
CVE-2015-2305        Integer overflow in the regcomp implementation in the Henry Spencer BS ...
CVE-2015-2222        ClamAV before 0.98.7 allows remote attackers to cause a denial of serv ...
CVE-2015-2221        ClamAV before 0.98.7 allows remote attackers to cause a denial of serv ...
CVE-2015-2170        The upx decoder in ClamAV before 0.98.7 allows remote attackers to cau ...
CVE-2015-1463        ClamAV before 0.98.6 allows remote attackers to cause a denial of serv ...
CVE-2015-1462        ClamAV before 0.98.6 allows remote attackers to have unspecified impac ...
CVE-2015-1461        ClamAV before 0.98.6 allows remote attackers to have unspecified impac ...
CVE-2014-9328        ClamAV before 0.98.6 allows remote attackers to have unspecified impac ...
CVE-2014-9050        Heap-based buffer overflow in the cli_scanpe function in libclamav/pe. ...
CVE-2013-7089        dbg_printhex possible information leak
CVE-2013-7088        buffer overflow
CVE-2013-7087        [clamav: WWPack corrupt heap memory
CVE-2013-6497        clamscan in ClamAV before 0.98.5, when using -a option, allows remote ...
CVE-2013-2021        pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause ...
CVE-2013-2020        Integer underflow in the cli_scanpe function in pe.c in ClamAV before ...
CVE-2012-1459        The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avir ...
CVE-2012-1458        The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4 ...
CVE-2012-1457        The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2. ...
CVE-2012-1419        The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal ...
CVE-2011-3627        The bytecode engine in ClamAV before 0.97.3 allows remote attackers to ...
CVE-2011-2721        Off-by-one error in the cli_hm_scan function in matcher-hash.c in libc ...
CVE-2011-1003        Double free vulnerability in the vba_read_project_strings function in ...
CVE-2010-4479        Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96. ...
CVE-2010-4261        Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ...
CVE-2010-4260        Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV b ...
CVE-2010-3434        Buffer overflow in the find_stream_bounds function in pdf.c in libclam ...
CVE-2010-1640        Off-by-one error in the parseicon function in libclamav/pe_icons.c in ...
CVE-2010-1639        The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows ...
CVE-2010-1311        The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.9 ...
CVE-2010-0405        Integer overflow in the BZ2_decompress function in decompress.c in bzi ...
CVE-2010-0098        ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z fil ...
CVE-2010-0058        freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009 ...
CVE-2009-3736        ltdl.c in libltdl in GNU Libtool 1.5.x, and 2.2.6 before 2.2.6b, as us ...
CVE-2009-1601        The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+df ...
CVE-2009-1372        Stack-based buffer overflow in the cli_url_canon function in libclamav ...
CVE-2009-1371        The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95. ...
CVE-2009-1270        libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cau ...
CVE-2009-1241        Unspecified vulnerability in ClamAV before 0.95 allows remote attacker ...
CVE-2008-6845        The unpack feature in ClamAV 0.93.3 and earlier allows remote attacker ...
CVE-2008-6680        libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause ...
CVE-2008-5525        ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is us ...
CVE-2008-5314        Stack consumption vulnerability in libclamav/special.c in ClamAV befor ...
CVE-2008-5050        Off-by-one error in the get_unicode_name function (libclamav/vba_extra ...
CVE-2008-3914        Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknow ...
CVE-2008-3913        Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 mig ...
CVE-2008-3912        libclamav in ClamAV before 0.94 allows attackers to cause a denial of ...
CVE-2008-3215        libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to ...
CVE-2008-2713        libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to ...
CVE-2008-1837        libclamunrar in ClamAV before 0.93 allows remote attackers to cause a ...
CVE-2008-1836        The rfc2231 function in message.c in libclamav in ClamAV before 0.93 a ...
CVE-2008-1835        ClamAV before 0.93 allows remote attackers to bypass the scanning engi ...
CVE-2008-1833        Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allow ...
CVE-2008-1389        libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows r ...
CVE-2008-1387        ClamAV before 0.93 allows remote attackers to cause a denial of servic ...
CVE-2008-1100        Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe. ...
CVE-2008-0728        The unmew11 function in libclamav/mew.c in libclamav in ClamAV before ...
CVE-2008-0318        Integer overflow in the cli_scanpe function in libclamav in ClamAV bef ...
CVE-2008-0314        Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 all ...
CVE-2007-6745        clamav floating point exception in OLE2 scanner DoS
CVE-2007-6596        ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows ...
CVE-2007-6595        ClamAV 0.92 allows local users to overwrite arbitrary files via a syml ...
CVE-2007-6337        Unspecified vulnerability in the bzip2 decompression algorithm in nsis ...
CVE-2007-6336        Off-by-one error in ClamAV before 0.92 allows remote attackers to exec ...
CVE-2007-6335        Integer overflow in libclamav in ClamAV before 0.92 allows remote atta ...
CVE-2007-4560        clamav-milter in ClamAV before 0.91.2, when run in black hole mode, al ...
CVE-2007-4510        ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and ...
CVE-2007-3725        The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows u ...
CVE-2007-3123        unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 a ...
CVE-2007-3122        The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 all ...
CVE-2007-3025        Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0 ...
CVE-2007-3024        libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 use ...
CVE-2007-3023        unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not proper ...
CVE-2007-2650        The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to ...
CVE-2007-2029        File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) all ...
CVE-2007-1997        Integer signedness error in the (1) cab_unstore and (2) cab_extract fu ...
CVE-2007-1745        The chm_decompress_stream function in libclamav/chmunpack.c in Clam An ...
CVE-2007-0899        Possible heap overflow in libclamav/fsg.c
CVE-2007-0898        Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV be ...
CVE-2007-0897        Clam AntiVirus ClamAV before 0.90 does not close open file descriptors ...
CVE-2006-6481        Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a deni ...
CVE-2006-6406        Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus ...
CVE-2006-5874        Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to ca ...
CVE-2006-5295        Unspecified vulnerability in ClamAV before 0.88.5 allows remote attack ...
CVE-2006-4182        Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions befor ...
CVE-2006-4018        Heap-based buffer overflow in the pefromupx function in libclamav/upx. ...
CVE-2006-2427        freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h a ...
CVE-2006-1989        Buffer overflow in the get_database function in the HTTP client in Fre ...
CVE-2006-1630        The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (C ...
CVE-2006-1615        Multiple format string vulnerabilities in the logging code in Clam Ant ...
CVE-2006-1614        Integer overflow in the cli_scanpe function in the PE header parser (l ...
CVE-2006-0162        Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamA ...
CVE-2005-3587        Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before ...
CVE-2005-3501        The cabd_find function in cabd.c of the libmspack library (mspack) for ...
CVE-2005-3500        The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) bef ...
CVE-2005-3303        The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 ...
CVE-2005-3239        The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows re ...
CVE-2005-3229        Multiple interpretation error in unspecified versions of ClamAV Antivi ...
CVE-2005-2920        Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0 ...
CVE-2005-2919        libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote a ...
CVE-2005-2450        Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file f ...
CVE-2005-2070        The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used i ...
CVE-2005-2056        The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.8 ...
CVE-2005-1923        The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, an ...
CVE-2005-1922        The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 all ...
CVE-2005-0218        ClamAV 0.80 and earlier allows remote attackers to bypass virus scanni ...
CVE-2005-0133        ClamAV 0.80 and earlier allows remote attackers to cause a denial of s ...
CVE-2004-1909        Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to ...
CVE-2004-1876        The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon ...
CVE-2004-0270        libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a de ...
CVE-2003-0946        Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 t ...

Security announcements

DSA / DLA   Description
DLA-1759-1  clamav - security update
DLA-1553-1  clamav - security update
DLA-1461-1  clamav - security update
DLA-1307-1  clamav - security update
DLA-1279-1  clamav - security update
DLA-1261-1  clamav - security update
DLA-1105-1  clamav - security update
DLA-546-1   clamav - security update
DLA-437-1   clamav - security update
DLA-233-1   clamav - security update
DLA-95-1    clamav - security update
DSA-1771-1  clamav - several vulnerabilities
DSA-1680-1  clamav - potential code execution
DSA-1660-1  clamav - denial of service
DSA-1616-2  clamav - denial of service
DSA-1549-1  clamav
DSA-1497-1  clamav - several vulnerabilities
DSA-1435-1  clamav
DSA-1366-1  clamav
DSA-1340-1  clamav - null pointer dereference
DSA-1320-1  clamav
DSA-1281-1  clamav - several vulnerabilities
DSA-1263-1  clamav
DSA-1238-1  clamav
DSA-1232-1  clamav
DSA-1196-1  clamav
DSA-1153    clamav - buffer overflow
DSA-1050-1  clamav - buffer overflow
DSA-1024-1  clamav - heap overflow
DSA-947-1   clamav - heap overflow
DSA-887-1   clamav - several
DSA-824-1   clamav - infinite loop, buffer overflow
DSA-776-1   clamav - integer overflows, infinite loop
DSA-737-1   clamav - various DOS vulnerabilities
