Lucene search
+L

180 matches found

OSV
OSV
added 2025/01/22 5:15 p.m.3 views

DEBIAN-CVE-2025-20128

A vulnerability in the Object Linking and Embedding 2 OLE2 decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buff...

7.5CVSS6.7AI score0.01509EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/01/22 4:21 p.m.23 views

CVE-2025-20128 ClamAV OLE2 File Format Decryption Denial of Service Vulnerability

A vulnerability in the Object Linking and Embedding 2 OLE2 decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buff...

5.3CVSS7.5AI score0.01509EPSS
Exploits0References2
CVE
CVE
added 2025/01/22 4:21 p.m.496 views

CVE-2025-20128

The vulnerability CVE-2025-20128 affects ClamAV’s OLE2 file decryption. An integer underflow in a bounds check allows a heap buffer overflow read via a crafted OLE2 content file, enabling an unauthenticated remote attacker to cause a DoS by terminating the ClamAV scanning process. Cisco’s advisor...

7.5CVSS5.7AI score0.01509EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2025/01/22 4:21 p.m.26 views

CVE-2025-20128 ClamAV OLE2 File Format Decryption Denial of Service Vulnerability

A vulnerability in the Object Linking and Embedding 2 OLE2 decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buff...

5.3CVSS0.01509EPSS
Exploits0References2
Cisco
Cisco
added 2025/01/22 4:0 p.m.14 views

ClamAV OLE2 File Format Decryption Denial of Service Vulnerability

A vulnerability in the Object Linking and Embedding 2 OLE2 decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buff...

5.3CVSS5.8AI score0.01509EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2025/01/22 12:0 a.m.6 views

PT-2025-1255

Name of the Vulnerable Software and Affected Versions: ClamAV versions 1.0.0 through 1.4.1 Description: A vulnerability in the Object Linking and Embedding 2 OLE2 decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected...

7.5CVSS7.3AI score0.04878EPSS
Exploits1References58
FreeBSD
FreeBSD
added 2025/01/22 12:0 a.m.10 views

clamav -- Possbile denial-of-service vulnerability

The ClamAV project reports: A possible buffer overflow read bug is found in the OLE2 file parser that could cause a denial-of-service DoS condition...

7.5CVSS5.6AI score0.01509EPSS
Exploits0References1
Amazon
Amazon
added 2024/05/13 12:0 a.m.11 views

Medium: clamav

Issue Overview: A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in ...

7.5CVSS7.6AI score0.33558EPSS
Exploits0
Tenable Nessus
Tenable Nessus
added 2024/05/13 12:0 a.m.37 views

Amazon Linux 2023 : clamav, clamav-data, clamav-devel (ALAS2023-2024-615)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-615 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks ...

5.5AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2024/02/15 12:0 a.m.35 views

Ubuntu 23.10 : ClamAV vulnerabilities (USN-6636-1)

The remote Ubuntu 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6636-1 advisory. It was discovered that ClamAV incorrectly handled parsing certain OLE2 files. A remote attacker could possibly use this issue to cause ClamAV to crash,...

7.5CVSS7AI score0.84841EPSS
Exploits0References3
Ubuntu
Ubuntu
added 2024/02/14 4:11 p.m.35 views

USN-6636-1: ClamAV vulnerabilities

It was discovered that ClamAV incorrectly handled parsing certain OLE2 files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. CVE-2024-20290 Amit Schendel discovered that the ClamAV ClamD service incorrectly handled the VirusEvent featur...

7.5CVSS7.1AI score0.84841EPSS
Exploits0
OSV
OSV
added 2024/02/14 4:11 p.m.4 views

USN-6636-1 clamav vulnerabilities

It was discovered that ClamAV incorrectly handled parsing certain OLE2 files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. CVE-2024-20290 Amit Schendel discovered that the ClamAV ClamD service incorrectly handled the VirusEvent featur...

7.5CVSS7.4AI score0.84841EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/02/14 12:0 a.m.34 views

Fedora 39 : clamav (2024-3439911df6)

The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3439911df6 advisory. Update to 1.0.5 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...

7.5CVSS6.6AI score0.84841EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/02/13 12:0 a.m.33 views

Fedora 38 : clamav (2024-c42cf0e576)

The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c42cf0e576 advisory. Update to 1.0.5 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...

7.5CVSS6.6AI score0.84841EPSS
Exploits0References3
Veracode
Veracode
added 2024/02/12 7:55 p.m.23 views

Denial Of Service

clamavedge is vulnerable of Denial Of Service. The vulnerability due to submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device and incorrect check for end-of-string values during scanning. It allow an attacker to cause the ClamAV scanning process to...

7.5CVSS6.5AI score0.33558EPSS
Exploits0References5Affected Software1
SUSE CVE
SUSE CVE
added 2024/02/09 3:0 a.m.3 views

SUSE CVE-2024-20290

A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer...

7.5CVSS6.9AI score0.33558EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/02/09 12:0 a.m.40 views

ClamAV 1.0.0 < 1.0.4, 1.1.x, 1.2.0 < 1.2.1 DoS

A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer...

7.5CVSS7.5AI score0.33558EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2024/02/08 12:0 a.m.35 views

FreeBSD : clamav -- Multiple vulnerabilities (68ae70c5-c5e5-11ee-9768-08002784c58d)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 68ae70c5-c5e5-11ee-9768-08002784c58d advisory. - A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated,...

7.5CVSS6.8AI score0.84841EPSS
Exploits0References4
NVD
NVD
added 2024/02/07 5:15 p.m.15 views

CVE-2024-20290

A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer...

7.5CVSS7.5AI score0.33558EPSS
Exploits0References3
OSV
OSV
added 2024/02/07 5:15 p.m.6 views

CVE-2024-20290

A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer...

7.5CVSS7.5AI score
Exploits0References3
Rows per page
Query Builder