180 matches found
DEBIAN-CVE-2025-20128
A vulnerability in the Object Linking and Embedding 2 OLE2 decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buff...
CVE-2025-20128 ClamAV OLE2 File Format Decryption Denial of Service Vulnerability
A vulnerability in the Object Linking and Embedding 2 OLE2 decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buff...
CVE-2025-20128
The vulnerability CVE-2025-20128 affects ClamAV’s OLE2 file decryption. An integer underflow in a bounds check allows a heap buffer overflow read via a crafted OLE2 content file, enabling an unauthenticated remote attacker to cause a DoS by terminating the ClamAV scanning process. Cisco’s advisor...
CVE-2025-20128 ClamAV OLE2 File Format Decryption Denial of Service Vulnerability
A vulnerability in the Object Linking and Embedding 2 OLE2 decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buff...
ClamAV OLE2 File Format Decryption Denial of Service Vulnerability
A vulnerability in the Object Linking and Embedding 2 OLE2 decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buff...
PT-2025-1255
Name of the Vulnerable Software and Affected Versions: ClamAV versions 1.0.0 through 1.4.1 Description: A vulnerability in the Object Linking and Embedding 2 OLE2 decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected...
clamav -- Possbile denial-of-service vulnerability
The ClamAV project reports: A possible buffer overflow read bug is found in the OLE2 file parser that could cause a denial-of-service DoS condition...
Medium: clamav
Issue Overview: A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in ...
Amazon Linux 2023 : clamav, clamav-data, clamav-devel (ALAS2023-2024-615)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2024-615 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks ...
Ubuntu 23.10 : ClamAV vulnerabilities (USN-6636-1)
The remote Ubuntu 23.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-6636-1 advisory. It was discovered that ClamAV incorrectly handled parsing certain OLE2 files. A remote attacker could possibly use this issue to cause ClamAV to crash,...
USN-6636-1: ClamAV vulnerabilities
It was discovered that ClamAV incorrectly handled parsing certain OLE2 files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. CVE-2024-20290 Amit Schendel discovered that the ClamAV ClamD service incorrectly handled the VirusEvent featur...
USN-6636-1 clamav vulnerabilities
It was discovered that ClamAV incorrectly handled parsing certain OLE2 files. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a denial of service. CVE-2024-20290 Amit Schendel discovered that the ClamAV ClamD service incorrectly handled the VirusEvent featur...
Fedora 39 : clamav (2024-3439911df6)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-3439911df6 advisory. Update to 1.0.5 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...
Fedora 38 : clamav (2024-c42cf0e576)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-c42cf0e576 advisory. Update to 1.0.5 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has not tested fo...
Denial Of Service
clamavedge is vulnerable of Denial Of Service. The vulnerability due to submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device and incorrect check for end-of-string values during scanning. It allow an attacker to cause the ClamAV scanning process to...
SUSE CVE-2024-20290
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer...
ClamAV 1.0.0 < 1.0.4, 1.1.x, 1.2.0 < 1.2.1 DoS
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer...
FreeBSD : clamav -- Multiple vulnerabilities (68ae70c5-c5e5-11ee-9768-08002784c58d)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 68ae70c5-c5e5-11ee-9768-08002784c58d advisory. - A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated,...
CVE-2024-20290
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer...
CVE-2024-20290
A vulnerability in the OLE2 file format parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service DoS condition on an affected device. This vulnerability is due to an incorrect check for end-of-string values during scanning, which may result in a heap buffer...