7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.331 Low
EPSS
Percentile
97.0%
Gentoo Linux Security Advisory reports:
Clam AntiVirus is vulnerable to a buffer overflow in
“libclamav/upx.c” when processing malformed UPX-packed
executables. It can also be sent into an infinite loop in
“libclamav/fsg.c” when processing specially-crafted
FSG-packed executables.
By sending a specially-crafted file an attacker could
execute arbitrary code with the permissions of the user
running Clam AntiVirus, or cause a Denial of Service.