Lucene search

[email protected]CVE-2014-9328

HistoryFeb 03, 2015 - 4:59 p.m.

CVE-2014-9328

2015-02-0316:59:00

CWE-119

[email protected]

web.nvd.nist.gov

clamav

cve-2014-9328

security vulnerability

heap out of bounds condition

6.5 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.3%

JSON

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a “heap out of bounds condition.”

CPENameOperatorVersion
fedoraproject:fedorafedoraproject fedoraeq20
fedoraproject:fedorafedoraproject fedoraeq21
clamav:clamavclamavle0.98.5

CPE	Name	Operator	Version
fedoraproject:fedora	fedoraproject fedora	eq	20
fedoraproject:fedora	fedoraproject fedora	eq	21
clamav:clamav	clamav	le	0.98.5

References

blog.clamav.net/2015/01/clamav-0986-has-been-released.html

lists.fedoraproject.org/pipermail/package-announce/2015-January/148950.html

lists.fedoraproject.org/pipermail/package-announce/2015-January/148958.html

lists.opensuse.org/opensuse-security-announce/2015-02/msg00014.html

lists.opensuse.org/opensuse-security-announce/2015-02/msg00020.html

lists.opensuse.org/opensuse-updates/2015-05/msg00024.html

secunia.com/advisories/62536

secunia.com/advisories/62757

securitytracker.com/id/1031672

www.securityfocus.com/bid/72372

www.ubuntu.com/usn/USN-2488-2

security.gentoo.org/glsa/201512-08

6.5 Medium

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.022 Low

EPSS

Percentile

89.3%

JSON

Related for CVE-2014-9328

nessus13 archlinux1 ubuntucve1 securityvulns2 fedora2 altlinux3 cvelist1 prion1 debiancve1 openvas12 amazon1 ubuntu2 mageia1 suse2 gentoo1 debian1 osv1