Package Instance

reference_id

AVG-2722

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/

reference_url

reference_id

BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T15:58:27Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/

reference_url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-vL9x58p4

reference_id

cisco-sa-clamav-dos-vL9x58p4

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T15:58:27Z/

url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-vL9x58p4

reference_url

reference_id

GLSA-202310-01

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T15:58:27Z/

url

https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html

reference_url

reference_id

msg00004.html

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T15:58:27Z/

url

https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/

reference_id

N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-06T15:58:27Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/

reference_url	https://usn.ubuntu.com/5423-1/
reference_id	USN-5423-1
reference_type
scores
url	https://usn.ubuntu.com/5423-1/

reference_url	https://usn.ubuntu.com/5423-2/
reference_id	USN-5423-2
reference_type
scores
url	https://usn.ubuntu.com/5423-2/

fixed_packages

url pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1

purl pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5kba-63mx-hya7

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1

aliases CVE-2022-20796

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-2aju-u36p-gug9

url VCID-4z4r-2w8m-r7dz

vulnerability_id VCID-4z4r-2w8m-r7dz

summary Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2023-20032

reference_id

reference_type

scores

value	0.07124
scoring_system	epss
scoring_elements	0.91564
published_at	2026-04-16T12:55:00Z

value	0.07124
scoring_system	epss
scoring_elements	0.91542
published_at	2026-04-13T12:55:00Z

value	0.07124
scoring_system	epss
scoring_elements	0.91544
published_at	2026-04-12T12:55:00Z

value	0.07305
scoring_system	epss
scoring_elements	0.91658
published_at	2026-04-07T12:55:00Z

value	0.07305
scoring_system	epss
scoring_elements	0.91677
published_at	2026-04-09T12:55:00Z

value	0.07305
scoring_system	epss
scoring_elements	0.9167
published_at	2026-04-08T12:55:00Z

value	0.07305
scoring_system	epss
scoring_elements	0.91644
published_at	2026-04-02T12:55:00Z

value	0.07305
scoring_system	epss
scoring_elements	0.9165
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-20032

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20032

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031509
reference_id	1031509
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031509

reference_url	https://security.gentoo.org/glsa/202310-01
reference_id	GLSA-202310-01
reference_type
scores
url	https://security.gentoo.org/glsa/202310-01

reference_url	https://usn.ubuntu.com/5887-1/
reference_id	USN-5887-1
reference_type
scores
url	https://usn.ubuntu.com/5887-1/

fixed_packages

url pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1

purl pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5kba-63mx-hya7

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1

aliases CVE-2023-20032

risk_score 2.5

exploitability 0.5

weighted_severity 4.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-4z4r-2w8m-r7dz

url VCID-63vt-1nc8-6kfc

vulnerability_id VCID-63vt-1nc8-6kfc

summary A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2025-20260

reference_id

reference_type

scores

value	0.00739
scoring_system	epss
scoring_elements	0.72859
published_at	2026-04-09T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.7286
published_at	2026-04-13T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72811
published_at	2026-04-02T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72867
published_at	2026-04-12T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72883
published_at	2026-04-11T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72831
published_at	2026-04-04T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72807
published_at	2026-04-07T12:55:00Z

value	0.00739
scoring_system	epss
scoring_elements	0.72845
published_at	2026-04-08T12:55:00Z

value	0.01474
scoring_system	epss
scoring_elements	0.80981
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-20260

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20260
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20260

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108046
reference_id	1108046
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1108046

reference_url

https://security.archlinux.org/AVG-2903

reference_id

AVG-2903

reference_type

scores

value	Critical
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-2903

reference_url

https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html

reference_id

clamav-143-and-109-security-patch.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2025-06-18T17:49:35Z/

url

https://blog.clamav.net/2025/06/clamav-143-and-109-security-patch.html

reference_url	https://usn.ubuntu.com/7615-1/
reference_id	USN-7615-1
reference_type
scores
url	https://usn.ubuntu.com/7615-1/

reference_url	https://usn.ubuntu.com/7615-2/
reference_id	USN-7615-2
reference_type
scores
url	https://usn.ubuntu.com/7615-2/

fixed_packages

url pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2

purl pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5kba-63mx-hya7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2

aliases CVE-2025-20260

risk_score 4.5

exploitability 0.5

weighted_severity 9.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-63vt-1nc8-6kfc

url VCID-cc9p-w184-zfej

vulnerability_id VCID-cc9p-w184-zfej

summary

Multiple vulnerabilities have been found in ClamAV, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-3327

reference_id

reference_type

scores

value	0.07618
scoring_system	epss
scoring_elements	0.91822
published_at	2026-04-01T12:55:00Z

value	0.07618
scoring_system	epss
scoring_elements	0.9183
published_at	2026-04-02T12:55:00Z

value	0.07618
scoring_system	epss
scoring_elements	0.91836
published_at	2026-04-04T12:55:00Z

value	0.07618
scoring_system	epss
scoring_elements	0.91845
published_at	2026-04-07T12:55:00Z

value	0.07618
scoring_system	epss
scoring_elements	0.91857
published_at	2026-04-08T12:55:00Z

value	0.07618
scoring_system	epss
scoring_elements	0.91863
published_at	2026-04-09T12:55:00Z

value	0.07618
scoring_system	epss
scoring_elements	0.91866
published_at	2026-04-11T12:55:00Z

value	0.07618
scoring_system	epss
scoring_elements	0.91867
published_at	2026-04-12T12:55:00Z

value	0.07618
scoring_system	epss
scoring_elements	0.91862
published_at	2026-04-13T12:55:00Z

value	0.07618
scoring_system	epss
scoring_elements	0.91882
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-3327

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3327

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER/

reference_id

3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:21:23Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER/

reference_url

https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html

reference_id

clamav-01023-security-patch-released.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:21:23Z/

url

https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html

reference_url

reference_id

GLSA-202007-23

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:21:23Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/

reference_url

reference_id

IJ67VH37NCG25PICGWFWZHSVG7PBT7MC

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:21:23Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5YWYT27SBTV4RZSGFHIQUI4LQVFASWS/

reference_id

L5YWYT27SBTV4RZSGFHIQUI4LQVFASWS

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:21:23Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5YWYT27SBTV4RZSGFHIQUI4LQVFASWS/

reference_url

https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html

reference_id

msg00010.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:21:23Z/

url

https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html

reference_url

https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html

reference_id

msg00018.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:21:23Z/

url

https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/

reference_id

QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:21:23Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROBJOGJOT44MVDX7RQEACYHQN4LYW5RK/

reference_id

ROBJOGJOT44MVDX7RQEACYHQN4LYW5RK

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:21:23Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROBJOGJOT44MVDX7RQEACYHQN4LYW5RK/

reference_url

reference_id

USN-4370-1

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:21:23Z/

url

reference_url

reference_id

USN-4370-2

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:21:23Z/

url

reference_url

reference_id

USN-4435-1

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:21:23Z/

url

reference_url

reference_id

USN-4435-2

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:21:23Z/

url

https://api.first.org/data/v1/epss?cve=CVE-2023-20052

fixed_packages

url pkg:deb/debian/clamav@0.103.6%2Bdfsg-0%2Bdeb10u1

purl pkg:deb/debian/clamav@0.103.6%2Bdfsg-0%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2aju-u36p-gug9

vulnerability	VCID-4z4r-2w8m-r7dz

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-d3u3-epeb-guh9

vulnerability	VCID-dn26-zfsc-ryec

vulnerability	VCID-fp31-7krz-abbs

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-kurn-1uay-qqap

vulnerability	VCID-mdfk-5ked-t3bu

vulnerability	VCID-tzph-y73s-6qb9

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.6%252Bdfsg-0%252Bdeb10u1

aliases CVE-2020-3327

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-cc9p-w184-zfej

url VCID-d3u3-epeb-guh9

vulnerability_id VCID-d3u3-epeb-guh9

summary Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.

references

reference_url

reference_id

reference_type

scores

value	0.03563
scoring_system	epss
scoring_elements	0.87702
published_at	2026-04-08T12:55:00Z

value	0.03563
scoring_system	epss
scoring_elements	0.87708
published_at	2026-04-09T12:55:00Z

value	0.05699
scoring_system	epss
scoring_elements	0.90429
published_at	2026-04-16T12:55:00Z

value	0.05699
scoring_system	epss
scoring_elements	0.90421
published_at	2026-04-11T12:55:00Z

value	0.05699
scoring_system	epss
scoring_elements	0.9042
published_at	2026-04-12T12:55:00Z

value	0.05699
scoring_system	epss
scoring_elements	0.90413
published_at	2026-04-13T12:55:00Z

value	0.06327
scoring_system	epss
scoring_elements	0.90953
published_at	2026-04-07T12:55:00Z

value	0.06327
scoring_system	epss
scoring_elements	0.90942
published_at	2026-04-04T12:55:00Z

value	0.06327
scoring_system	epss
scoring_elements	0.90933
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-20052

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20052

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031509
reference_id	1031509
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1031509

reference_url	https://security.gentoo.org/glsa/202310-01
reference_id	GLSA-202310-01
reference_type
scores
url	https://security.gentoo.org/glsa/202310-01

reference_url	https://usn.ubuntu.com/5887-1/
reference_id	USN-5887-1
reference_type
scores
url	https://usn.ubuntu.com/5887-1/

fixed_packages

url pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1

purl pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5kba-63mx-hya7

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1

aliases CVE-2023-20052

risk_score 1.4

exploitability 0.5

weighted_severity 2.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-d3u3-epeb-guh9

url VCID-dn26-zfsc-ryec

vulnerability_id VCID-dn26-zfsc-ryec

summary Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-20785

reference_id

reference_type

scores

value	0.01018
scoring_system	epss
scoring_elements	0.77146
published_at	2026-04-07T12:55:00Z

value	0.01018
scoring_system	epss
scoring_elements	0.77135
published_at	2026-04-02T12:55:00Z

value	0.01018
scoring_system	epss
scoring_elements	0.77231
published_at	2026-04-16T12:55:00Z

value	0.01018
scoring_system	epss
scoring_elements	0.77191
published_at	2026-04-13T12:55:00Z

value	0.01018
scoring_system	epss
scoring_elements	0.77194
published_at	2026-04-12T12:55:00Z

value	0.01018
scoring_system	epss
scoring_elements	0.77215
published_at	2026-04-11T12:55:00Z

value	0.01018
scoring_system	epss
scoring_elements	0.77188
published_at	2026-04-09T12:55:00Z

value	0.01018
scoring_system	epss
scoring_elements	0.77165
published_at	2026-04-04T12:55:00Z

value	0.01018
scoring_system	epss
scoring_elements	0.77179
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-20785

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20785
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20785

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/

reference_id

7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/

reference_url

reference_id

AVG-2722

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/

reference_url

reference_id

BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/

reference_url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-html-XAuOK8mR

reference_id

cisco-sa-clamav-html-XAuOK8mR

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:30Z/

url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-html-XAuOK8mR

reference_url

reference_id

GLSA-202310-01

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:30Z/

url

https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html

reference_url

reference_id

msg00004.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:30Z/

url

https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/

reference_id

N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:30Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/

reference_url	https://usn.ubuntu.com/5423-1/
reference_id	USN-5423-1
reference_type
scores
url	https://usn.ubuntu.com/5423-1/

reference_url	https://usn.ubuntu.com/5423-2/
reference_id	USN-5423-2
reference_type
scores
url	https://usn.ubuntu.com/5423-2/

fixed_packages

url pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1

purl pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5kba-63mx-hya7

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1

aliases CVE-2022-20785

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-dn26-zfsc-ryec

url VCID-egd5-p68y-wfdy

vulnerability_id VCID-egd5-p68y-wfdy

summary A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2021-1404

reference_id

reference_type

scores

value	0.00448
scoring_system	epss
scoring_elements	0.63598
published_at	2026-04-16T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63579
published_at	2026-04-08T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63596
published_at	2026-04-12T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63611
published_at	2026-04-11T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63475
published_at	2026-04-01T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63534
published_at	2026-04-02T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63562
published_at	2026-04-13T12:55:00Z

value	0.00448
scoring_system	epss
scoring_elements	0.63527
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-1404

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1404
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1404

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986622
reference_id	986622
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986622

reference_url

reference_id

AVG-1787

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

reference_url

reference_id

clamav-01032-security-patch-release.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-08T20:02:31Z/

url

https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

reference_url	https://usn.ubuntu.com/4918-1/
reference_id	USN-4918-1
reference_type
scores
url	https://usn.ubuntu.com/4918-1/

reference_url	https://usn.ubuntu.com/4918-2/
reference_id	USN-4918-2
reference_type
scores
url	https://usn.ubuntu.com/4918-2/

fixed_packages

url pkg:deb/debian/clamav@0.103.6%2Bdfsg-0%2Bdeb10u1

purl pkg:deb/debian/clamav@0.103.6%2Bdfsg-0%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2aju-u36p-gug9

vulnerability	VCID-4z4r-2w8m-r7dz

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-d3u3-epeb-guh9

vulnerability	VCID-dn26-zfsc-ryec

vulnerability	VCID-fp31-7krz-abbs

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-kurn-1uay-qqap

vulnerability	VCID-mdfk-5ked-t3bu

vulnerability	VCID-tzph-y73s-6qb9

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.6%252Bdfsg-0%252Bdeb10u1

aliases CVE-2021-1404

risk_score 1.9

exploitability 0.5

weighted_severity 3.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-egd5-p68y-wfdy

url VCID-fp31-7krz-abbs

vulnerability_id VCID-fp31-7krz-abbs

summary Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-20770

reference_id

reference_type

scores

value	0.00861
scoring_system	epss
scoring_elements	0.75044
published_at	2026-04-13T12:55:00Z

value	0.00861
scoring_system	epss
scoring_elements	0.75055
published_at	2026-04-12T12:55:00Z

value	0.00861
scoring_system	epss
scoring_elements	0.75076
published_at	2026-04-11T12:55:00Z

value	0.00861
scoring_system	epss
scoring_elements	0.75081
published_at	2026-04-16T12:55:00Z

value	0.00885
scoring_system	epss
scoring_elements	0.75405
published_at	2026-04-04T12:55:00Z

value	0.00885
scoring_system	epss
scoring_elements	0.75372
published_at	2026-04-02T12:55:00Z

value	0.00885
scoring_system	epss
scoring_elements	0.75436
published_at	2026-04-09T12:55:00Z

value	0.00885
scoring_system	epss
scoring_elements	0.75427
published_at	2026-04-08T12:55:00Z

value	0.00885
scoring_system	epss
scoring_elements	0.75384
published_at	2026-04-07T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-20770

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20770
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20770

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/

reference_id

7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:32Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/

reference_url

reference_id

AVG-2722

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/

reference_url

reference_id

BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:32Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/

reference_url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd

reference_id

cisco-sa-clamav-dos-prVGcHLd

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:32Z/

url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-prVGcHLd

reference_url

reference_id

GLSA-202310-01

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:32Z/

url

https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html

reference_url

reference_id

msg00004.html

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:32Z/

url

https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/

reference_id

N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56

reference_type

scores

value	8.6
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:32Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/

reference_url	https://usn.ubuntu.com/5423-1/
reference_id	USN-5423-1
reference_type
scores
url	https://usn.ubuntu.com/5423-1/

reference_url	https://usn.ubuntu.com/5423-2/
reference_id	USN-5423-2
reference_type
scores
url	https://usn.ubuntu.com/5423-2/

fixed_packages

url pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1

purl pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5kba-63mx-hya7

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1

aliases CVE-2022-20770

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fp31-7krz-abbs

url VCID-ggz7-h35v-p7ep

vulnerability_id VCID-ggz7-h35v-p7ep

summary Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-20505

reference_id

reference_type

scores

value	0.00803
scoring_system	epss
scoring_elements	0.74059
published_at	2026-04-07T12:55:00Z

value	0.00803
scoring_system	epss
scoring_elements	0.74107
published_at	2026-04-09T12:55:00Z

value	0.00803
scoring_system	epss
scoring_elements	0.74092
published_at	2026-04-08T12:55:00Z

value	0.00803
scoring_system	epss
scoring_elements	0.74062
published_at	2026-04-02T12:55:00Z

value	0.00803
scoring_system	epss
scoring_elements	0.74088
published_at	2026-04-04T12:55:00Z

value	0.0089
scoring_system	epss
scoring_elements	0.75566
published_at	2026-04-16T12:55:00Z

value	0.0089
scoring_system	epss
scoring_elements	0.75554
published_at	2026-04-11T12:55:00Z

value	0.0089
scoring_system	epss
scoring_elements	0.75532
published_at	2026-04-12T12:55:00Z

value	0.0089
scoring_system	epss
scoring_elements	0.75523
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-20505

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20505

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080962
reference_id	1080962
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080962

reference_url

https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html

reference_id

clamav-141-132-107-and-010312-security.html

reference_type

scores

value	4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T13:35:13Z/

url

https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html

reference_url	https://security.gentoo.org/glsa/202507-03
reference_id	GLSA-202507-03
reference_type
scores
url	https://security.gentoo.org/glsa/202507-03

reference_url	https://usn.ubuntu.com/7011-1/
reference_id	USN-7011-1
reference_type
scores
url	https://usn.ubuntu.com/7011-1/

reference_url	https://usn.ubuntu.com/7011-2/
reference_id	USN-7011-2
reference_type
scores
url	https://usn.ubuntu.com/7011-2/

fixed_packages

url pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2

purl pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5kba-63mx-hya7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2

aliases CVE-2024-20505

risk_score 1.9

exploitability 0.5

weighted_severity 3.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-ggz7-h35v-p7ep

url VCID-kurn-1uay-qqap

vulnerability_id VCID-kurn-1uay-qqap

summary Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-20792

reference_id

reference_type

scores

value	0.00139
scoring_system	epss
scoring_elements	0.34059
published_at	2026-04-16T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34018
published_at	2026-04-07T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34061
published_at	2026-04-08T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34092
published_at	2026-04-09T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.3409
published_at	2026-04-11T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34048
published_at	2026-04-12T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34024
published_at	2026-04-13T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34126
published_at	2026-04-02T12:55:00Z

value	0.00139
scoring_system	epss
scoring_elements	0.34157
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-20792

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20792
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20792

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

reference_id

AVG-2722

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html

reference_url

reference_id

clamav-01050-01043-01036-released.html

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-01T18:42:21Z/

url

https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html

reference_url

reference_id

GLSA-202310-01

reference_type

scores

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2024-11-01T18:42:21Z/

url

https://api.first.org/data/v1/epss?cve=CVE-2023-20197

reference_url	https://usn.ubuntu.com/5423-1/
reference_id	USN-5423-1
reference_type
scores
url	https://usn.ubuntu.com/5423-1/

reference_url	https://usn.ubuntu.com/5423-2/
reference_id	USN-5423-2
reference_type
scores
url	https://usn.ubuntu.com/5423-2/

fixed_packages

url pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1

purl pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5kba-63mx-hya7

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1

aliases CVE-2022-20792

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-kurn-1uay-qqap

url VCID-mdfk-5ked-t3bu

vulnerability_id VCID-mdfk-5ked-t3bu

summary Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution.

references

reference_url

reference_id

reference_type

scores

value	0.00438
scoring_system	epss
scoring_elements	0.6316
published_at	2026-04-16T12:55:00Z

value	0.00438
scoring_system	epss
scoring_elements	0.63082
published_at	2026-04-02T12:55:00Z

value	0.00438
scoring_system	epss
scoring_elements	0.63111
published_at	2026-04-04T12:55:00Z

value	0.00438
scoring_system	epss
scoring_elements	0.63076
published_at	2026-04-07T12:55:00Z

value	0.00438
scoring_system	epss
scoring_elements	0.63128
published_at	2026-04-08T12:55:00Z

value	0.00438
scoring_system	epss
scoring_elements	0.63146
published_at	2026-04-09T12:55:00Z

value	0.00438
scoring_system	epss
scoring_elements	0.63163
published_at	2026-04-11T12:55:00Z

value	0.00438
scoring_system	epss
scoring_elements	0.63148
published_at	2026-04-12T12:55:00Z

value	0.00438
scoring_system	epss
scoring_elements	0.63125
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2023-20197

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20197
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-20197

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050057
reference_id	1050057
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1050057

reference_url	https://security.gentoo.org/glsa/202507-03
reference_id	GLSA-202507-03
reference_type
scores
url	https://security.gentoo.org/glsa/202507-03

reference_url	https://usn.ubuntu.com/6303-1/
reference_id	USN-6303-1
reference_type
scores
url	https://usn.ubuntu.com/6303-1/

reference_url	https://usn.ubuntu.com/6303-2/
reference_id	USN-6303-2
reference_type
scores
url	https://usn.ubuntu.com/6303-2/

fixed_packages

url pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1

purl pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5kba-63mx-hya7

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1

aliases CVE-2023-20197

risk_score 1.9

exploitability 0.5

weighted_severity 3.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mdfk-5ked-t3bu

url VCID-mu6w-nub4-z3ef

vulnerability_id VCID-mu6w-nub4-z3ef

summary Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-20698

reference_id

reference_type

scores

value	0.00243
scoring_system	epss
scoring_elements	0.47614
published_at	2026-04-16T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47528
published_at	2026-04-02T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47497
published_at	2026-04-07T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47552
published_at	2026-04-08T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47548
published_at	2026-04-12T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47572
published_at	2026-04-11T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47556
published_at	2026-04-13T12:55:00Z

value	0.00243
scoring_system	epss
scoring_elements	0.47549
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-20698

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20698
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20698

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html

reference_id

clamav-01035-and-01042-security-patch.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:57Z/

url

https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html

reference_url

reference_id

GLSA-202310-01

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:57Z/

url

https://api.first.org/data/v1/epss?cve=CVE-2021-1405

reference_url	https://usn.ubuntu.com/5233-1/
reference_id	USN-5233-1
reference_type
scores
url	https://usn.ubuntu.com/5233-1/

reference_url	https://usn.ubuntu.com/5233-2/
reference_id	USN-5233-2
reference_type
scores
url	https://usn.ubuntu.com/5233-2/

fixed_packages

url pkg:deb/debian/clamav@0.103.6%2Bdfsg-0%2Bdeb10u1

purl pkg:deb/debian/clamav@0.103.6%2Bdfsg-0%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2aju-u36p-gug9

vulnerability	VCID-4z4r-2w8m-r7dz

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-d3u3-epeb-guh9

vulnerability	VCID-dn26-zfsc-ryec

vulnerability	VCID-fp31-7krz-abbs

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-kurn-1uay-qqap

vulnerability	VCID-mdfk-5ked-t3bu

vulnerability	VCID-tzph-y73s-6qb9

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.6%252Bdfsg-0%252Bdeb10u1

aliases CVE-2022-20698

risk_score 2.6

exploitability 0.5

weighted_severity 5.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mu6w-nub4-z3ef

url VCID-new8-u5x9-nkeb

vulnerability_id VCID-new8-u5x9-nkeb

summary

A vulnerability in ClamAV could lead to a Denial of Service
    condition.

references

reference_url

reference_id

reference_type

scores

value	0.01493
scoring_system	epss
scoring_elements	0.81005
published_at	2026-04-01T12:55:00Z

value	0.01493
scoring_system	epss
scoring_elements	0.81014
published_at	2026-04-02T12:55:00Z

value	0.01493
scoring_system	epss
scoring_elements	0.81037
published_at	2026-04-07T12:55:00Z

value	0.01493
scoring_system	epss
scoring_elements	0.81064
published_at	2026-04-08T12:55:00Z

value	0.01493
scoring_system	epss
scoring_elements	0.81071
published_at	2026-04-09T12:55:00Z

value	0.01493
scoring_system	epss
scoring_elements	0.81089
published_at	2026-04-11T12:55:00Z

value	0.01493
scoring_system	epss
scoring_elements	0.81075
published_at	2026-04-12T12:55:00Z

value	0.01493
scoring_system	epss
scoring_elements	0.81068
published_at	2026-04-13T12:55:00Z

value	0.01493
scoring_system	epss
scoring_elements	0.81106
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-1405

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1405
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1405

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986622
reference_id	986622
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986622

reference_url

reference_id

AVG-1787

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

reference_url

reference_id

clamav-01032-security-patch-release.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-08T20:02:34Z/

url

https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

reference_url

https://security.gentoo.org/glsa/202104-07

reference_id

GLSA-202104-07

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-08T20:02:34Z/

url

https://security.gentoo.org/glsa/202104-07

reference_url

https://lists.debian.org/debian-lts-announce/2021/04/msg00012.html

reference_id

msg00012.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-08T20:02:34Z/

url

https://lists.debian.org/debian-lts-announce/2021/04/msg00012.html

reference_url	https://usn.ubuntu.com/4918-1/
reference_id	USN-4918-1
reference_type
scores
url	https://usn.ubuntu.com/4918-1/

reference_url	https://usn.ubuntu.com/4918-2/
reference_id	USN-4918-2
reference_type
scores
url	https://usn.ubuntu.com/4918-2/

fixed_packages

url pkg:deb/debian/clamav@0.103.6%2Bdfsg-0%2Bdeb10u1

purl pkg:deb/debian/clamav@0.103.6%2Bdfsg-0%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2aju-u36p-gug9

vulnerability	VCID-4z4r-2w8m-r7dz

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-d3u3-epeb-guh9

vulnerability	VCID-dn26-zfsc-ryec

vulnerability	VCID-fp31-7krz-abbs

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-kurn-1uay-qqap

vulnerability	VCID-mdfk-5ked-t3bu

vulnerability	VCID-tzph-y73s-6qb9

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.6%252Bdfsg-0%252Bdeb10u1

aliases CVE-2021-1405

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-new8-u5x9-nkeb

url VCID-tzph-y73s-6qb9

vulnerability_id VCID-tzph-y73s-6qb9

summary Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2022-20771

reference_id

reference_type

scores

value	0.00983
scoring_system	epss
scoring_elements	0.76797
published_at	2026-04-13T12:55:00Z

value	0.00983
scoring_system	epss
scoring_elements	0.76804
published_at	2026-04-12T12:55:00Z

value	0.00983
scoring_system	epss
scoring_elements	0.76824
published_at	2026-04-11T12:55:00Z

value	0.00983
scoring_system	epss
scoring_elements	0.76839
published_at	2026-04-16T12:55:00Z

value	0.0101
scoring_system	epss
scoring_elements	0.77057
published_at	2026-04-07T12:55:00Z

value	0.0101
scoring_system	epss
scoring_elements	0.77047
published_at	2026-04-02T12:55:00Z

value	0.0101
scoring_system	epss
scoring_elements	0.77076
published_at	2026-04-04T12:55:00Z

value	0.0101
scoring_system	epss
scoring_elements	0.77099
published_at	2026-04-09T12:55:00Z

value	0.0101
scoring_system	epss
scoring_elements	0.77089
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2022-20771

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20771
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20771

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/

reference_id

7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:31Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7RV6BLIATIJE74SQ6NG5ZC4JK5MMDQ2R/

reference_url

reference_id

AVG-2722

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/

reference_url

reference_id

BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:31Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BX5ZXNHP4NFYQ5BFSKY3WT7NTBZUYG7L/

reference_url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-ZAZBwRVG

reference_id

cisco-sa-clamav-dos-ZAZBwRVG

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:31Z/

url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-dos-ZAZBwRVG

reference_url

reference_id

GLSA-202310-01

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:31Z/

url

https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html

reference_url

reference_id

msg00004.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:31Z/

url

https://lists.debian.org/debian-lts-announce/2022/06/msg00004.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/

reference_id

N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-06T16:01:31Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/N4NNBIJVG6Z4PDIKUZXTYXICYUAYAZ56/

reference_url	https://usn.ubuntu.com/5423-1/
reference_id	USN-5423-1
reference_type
scores
url	https://usn.ubuntu.com/5423-1/

reference_url	https://usn.ubuntu.com/5423-2/
reference_id	USN-5423-2
reference_type
scores
url	https://usn.ubuntu.com/5423-2/

fixed_packages

url pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1

purl pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5kba-63mx-hya7

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.10%252Bdfsg-0%252Bdeb11u1

aliases CVE-2022-20771

risk_score 4.0

exploitability 0.5

weighted_severity 8.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-tzph-y73s-6qb9

url VCID-vbmy-urt6-myha

vulnerability_id VCID-vbmy-urt6-myha

summary A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-3341

reference_id

reference_type

scores

value	0.04089
scoring_system	epss
scoring_elements	0.88522
published_at	2026-04-01T12:55:00Z

value	0.04089
scoring_system	epss
scoring_elements	0.8853
published_at	2026-04-02T12:55:00Z

value	0.04089
scoring_system	epss
scoring_elements	0.88547
published_at	2026-04-04T12:55:00Z

value	0.04089
scoring_system	epss
scoring_elements	0.88551
published_at	2026-04-07T12:55:00Z

value	0.04089
scoring_system	epss
scoring_elements	0.88569
published_at	2026-04-08T12:55:00Z

value	0.04089
scoring_system	epss
scoring_elements	0.88574
published_at	2026-04-09T12:55:00Z

value	0.04089
scoring_system	epss
scoring_elements	0.88586
published_at	2026-04-11T12:55:00Z

value	0.04089
scoring_system	epss
scoring_elements	0.88578
published_at	2026-04-12T12:55:00Z

value	0.04089
scoring_system	epss
scoring_elements	0.88579
published_at	2026-04-13T12:55:00Z

value	0.04089
scoring_system	epss
scoring_elements	0.88592
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-3341

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3341
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3341

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER/

reference_id

3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:21:21Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER/

reference_url

https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html

reference_id

clamav-01023-security-patch-released.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:21:21Z/

url

https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5YWYT27SBTV4RZSGFHIQUI4LQVFASWS/

reference_id

L5YWYT27SBTV4RZSGFHIQUI4LQVFASWS

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:21:21Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5YWYT27SBTV4RZSGFHIQUI4LQVFASWS/

reference_url

https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html

reference_id

msg00018.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:21:21Z/

url

https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROBJOGJOT44MVDX7RQEACYHQN4LYW5RK/

reference_id

ROBJOGJOT44MVDX7RQEACYHQN4LYW5RK

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:21:21Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROBJOGJOT44MVDX7RQEACYHQN4LYW5RK/

reference_url

reference_id

USN-4370-1

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:21:21Z/

url

reference_url

reference_id

USN-4370-2

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:21:21Z/

url

https://api.first.org/data/v1/epss?cve=CVE-2025-20128

fixed_packages

url pkg:deb/debian/clamav@0.103.6%2Bdfsg-0%2Bdeb10u1

purl pkg:deb/debian/clamav@0.103.6%2Bdfsg-0%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2aju-u36p-gug9

vulnerability	VCID-4z4r-2w8m-r7dz

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-d3u3-epeb-guh9

vulnerability	VCID-dn26-zfsc-ryec

vulnerability	VCID-fp31-7krz-abbs

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-kurn-1uay-qqap

vulnerability	VCID-mdfk-5ked-t3bu

vulnerability	VCID-tzph-y73s-6qb9

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.6%252Bdfsg-0%252Bdeb10u1

aliases CVE-2020-3341

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vbmy-urt6-myha

url VCID-vdhk-r67a-s3fr

vulnerability_id VCID-vdhk-r67a-s3fr

summary A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

references

reference_url

reference_id

reference_type

scores

value	0.01581
scoring_system	epss
scoring_elements	0.81585
published_at	2026-04-12T12:55:00Z

value	0.01581
scoring_system	epss
scoring_elements	0.81598
published_at	2026-04-11T12:55:00Z

value	0.01581
scoring_system	epss
scoring_elements	0.81616
published_at	2026-04-16T12:55:00Z

value	0.01581
scoring_system	epss
scoring_elements	0.81578
published_at	2026-04-13T12:55:00Z

value	0.01625
scoring_system	epss
scoring_elements	0.81819
published_at	2026-04-07T12:55:00Z

value	0.01625
scoring_system	epss
scoring_elements	0.81799
published_at	2026-04-02T12:55:00Z

value	0.01625
scoring_system	epss
scoring_elements	0.81822
published_at	2026-04-04T12:55:00Z

value	0.01625
scoring_system	epss
scoring_elements	0.81845
published_at	2026-04-08T12:55:00Z

value	0.01625
scoring_system	epss
scoring_elements	0.81852
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2025-20128

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20128
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-20128

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093880
reference_id	1093880
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1093880

reference_url

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA

reference_id

cisco-sa-clamav-ole2-H549rphA

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-22T16:54:39Z/

url

https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA

reference_url

https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html

reference_id

clamav-142-and-108-security-patch.html

reference_type

scores

value	5.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-01-22T16:54:39Z/

url

https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html

reference_url	https://usn.ubuntu.com/7229-1/
reference_id	USN-7229-1
reference_type
scores
url	https://usn.ubuntu.com/7229-1/

fixed_packages

url pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2

purl pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5kba-63mx-hya7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2

aliases CVE-2025-20128

risk_score 1.6

exploitability 0.5

weighted_severity 3.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-vdhk-r67a-s3fr

url VCID-wjvc-p75d-p3a9

vulnerability_id VCID-wjvc-p75d-p3a9

summary Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2024-20506

reference_id

reference_type

scores

value	0.00036
scoring_system	epss
scoring_elements	0.10742
published_at	2026-04-16T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10938
published_at	2026-04-11T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10905
published_at	2026-04-12T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10883
published_at	2026-04-13T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10918
published_at	2026-04-02T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10982
published_at	2026-04-04T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10808
published_at	2026-04-07T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10884
published_at	2026-04-08T12:55:00Z

value	0.00036
scoring_system	epss
scoring_elements	0.10937
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2024-20506

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-20506

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080962
reference_id	1080962
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1080962

reference_url

https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html

reference_id

clamav-141-132-107-and-010312-security.html

reference_type

scores

value	6.1
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-09-05T13:34:43Z/

url

https://blog.clamav.net/2024/09/clamav-141-132-107-and-010312-security.html

reference_url	https://security.gentoo.org/glsa/202507-03
reference_id	GLSA-202507-03
reference_type
scores
url	https://security.gentoo.org/glsa/202507-03

reference_url	https://usn.ubuntu.com/7011-1/
reference_id	USN-7011-1
reference_type
scores
url	https://usn.ubuntu.com/7011-1/

reference_url	https://usn.ubuntu.com/7011-2/
reference_id	USN-7011-2
reference_type
scores
url	https://usn.ubuntu.com/7011-2/

fixed_packages

url pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2

purl pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-5kba-63mx-hya7

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@1.4.3%252Bdfsg-1~deb12u2

aliases CVE-2024-20506

risk_score 1.6

exploitability 0.5

weighted_severity 3.2

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-wjvc-p75d-p3a9

url VCID-xfzw-afgg-fqdc

vulnerability_id VCID-xfzw-afgg-fqdc

summary

Multiple vulnerabilities have been found in ClamAV, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-3481

reference_id

reference_type

scores

value	0.02963
scoring_system	epss
scoring_elements	0.86421
published_at	2026-04-01T12:55:00Z

value	0.02963
scoring_system	epss
scoring_elements	0.86432
published_at	2026-04-02T12:55:00Z

value	0.02963
scoring_system	epss
scoring_elements	0.86451
published_at	2026-04-07T12:55:00Z

value	0.02963
scoring_system	epss
scoring_elements	0.8647
published_at	2026-04-08T12:55:00Z

value	0.02963
scoring_system	epss
scoring_elements	0.8648
published_at	2026-04-09T12:55:00Z

value	0.02963
scoring_system	epss
scoring_elements	0.86495
published_at	2026-04-11T12:55:00Z

value	0.02963
scoring_system	epss
scoring_elements	0.86492
published_at	2026-04-12T12:55:00Z

value	0.02963
scoring_system	epss
scoring_elements	0.86487
published_at	2026-04-13T12:55:00Z

value	0.02963
scoring_system	epss
scoring_elements	0.86502
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-3481

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3481
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3481

reference_url

https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html

reference_id

clamav-01024-security-patch-released.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T17:13:21Z/

url

https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html

reference_url

reference_id

GLSA-202007-23

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T17:13:21Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/

reference_url

reference_id

IJ67VH37NCG25PICGWFWZHSVG7PBT7MC

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T17:13:21Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/

reference_url

https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html

reference_id

msg00010.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T17:13:21Z/

url

https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/

reference_id

QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T17:13:21Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/

reference_url

reference_id

USN-4435-1

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T17:13:21Z/

url

reference_url

reference_id

USN-4435-2

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-13T17:13:21Z/

url

https://api.first.org/data/v1/epss?cve=CVE-2021-1252

fixed_packages

url pkg:deb/debian/clamav@0.103.6%2Bdfsg-0%2Bdeb10u1

purl pkg:deb/debian/clamav@0.103.6%2Bdfsg-0%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2aju-u36p-gug9

vulnerability	VCID-4z4r-2w8m-r7dz

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-d3u3-epeb-guh9

vulnerability	VCID-dn26-zfsc-ryec

vulnerability	VCID-fp31-7krz-abbs

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-kurn-1uay-qqap

vulnerability	VCID-mdfk-5ked-t3bu

vulnerability	VCID-tzph-y73s-6qb9

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.6%252Bdfsg-0%252Bdeb10u1

aliases CVE-2020-3481

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xfzw-afgg-fqdc

url VCID-xwgq-w8k4-xbcn

vulnerability_id VCID-xwgq-w8k4-xbcn

summary A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition.

references

reference_url

reference_id

reference_type

scores

value	0.00539
scoring_system	epss
scoring_elements	0.67625
published_at	2026-04-16T12:55:00Z

value	0.00539
scoring_system	epss
scoring_elements	0.67637
published_at	2026-04-11T12:55:00Z

value	0.00539
scoring_system	epss
scoring_elements	0.67623
published_at	2026-04-12T12:55:00Z

value	0.00539
scoring_system	epss
scoring_elements	0.6759
published_at	2026-04-13T12:55:00Z

value	0.00539
scoring_system	epss
scoring_elements	0.67514
published_at	2026-04-01T12:55:00Z

value	0.00539
scoring_system	epss
scoring_elements	0.6755
published_at	2026-04-02T12:55:00Z

value	0.00539
scoring_system	epss
scoring_elements	0.67571
published_at	2026-04-04T12:55:00Z

value	0.00539
scoring_system	epss
scoring_elements	0.67549
published_at	2026-04-07T12:55:00Z

value	0.00539
scoring_system	epss
scoring_elements	0.676
published_at	2026-04-08T12:55:00Z

value	0.00539
scoring_system	epss
scoring_elements	0.67614
published_at	2026-04-09T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2021-1252

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1252
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1252

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986622
reference_id	986622
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=986622

reference_url

reference_id

AVG-1787

reference_type

scores

value	Low
scoring_system	archlinux
scoring_elements

url

https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

reference_url

reference_id

clamav-01032-security-patch-release.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-08T20:02:36Z/

url

https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

reference_url	https://usn.ubuntu.com/4918-1/
reference_id	USN-4918-1
reference_type
scores
url	https://usn.ubuntu.com/4918-1/

reference_url	https://usn.ubuntu.com/4918-2/
reference_id	USN-4918-2
reference_type
scores
url	https://usn.ubuntu.com/4918-2/

fixed_packages

url pkg:deb/debian/clamav@0.103.6%2Bdfsg-0%2Bdeb10u1

purl pkg:deb/debian/clamav@0.103.6%2Bdfsg-0%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2aju-u36p-gug9

vulnerability	VCID-4z4r-2w8m-r7dz

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-d3u3-epeb-guh9

vulnerability	VCID-dn26-zfsc-ryec

vulnerability	VCID-fp31-7krz-abbs

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-kurn-1uay-qqap

vulnerability	VCID-mdfk-5ked-t3bu

vulnerability	VCID-tzph-y73s-6qb9

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.6%252Bdfsg-0%252Bdeb10u1

aliases CVE-2021-1252

risk_score 1.9

exploitability 0.5

weighted_severity 3.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-xwgq-w8k4-xbcn

url VCID-zeub-1qhs-pyfh

vulnerability_id VCID-zeub-1qhs-pyfh

summary

Multiple vulnerabilities have been found in ClamAV, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2020-3350

reference_id

reference_type

scores

value	0.00131
scoring_system	epss
scoring_elements	0.32519
published_at	2026-04-01T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32668
published_at	2026-04-02T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32703
published_at	2026-04-04T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32524
published_at	2026-04-07T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32571
published_at	2026-04-16T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32598
published_at	2026-04-09T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32599
published_at	2026-04-11T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32562
published_at	2026-04-12T12:55:00Z

value	0.00131
scoring_system	epss
scoring_elements	0.32535
published_at	2026-04-13T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-3350

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3350
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3350

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	6.3
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-famp-ZEpdXy

reference_id

cisco-sa-famp-ZEpdXy

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:27:39Z/

url

https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-famp-ZEpdXy

reference_url

reference_id

GLSA-202007-23

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:27:39Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/

reference_url

reference_id

IJ67VH37NCG25PICGWFWZHSVG7PBT7MC

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:27:39Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/

reference_url

https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html

reference_id

msg00010.html

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:27:39Z/

url

https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html

reference_url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/

reference_id

QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:27:39Z/

url

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/

reference_url

reference_id

USN-4435-1

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:27:39Z/

url

reference_url

reference_id

USN-4435-2

reference_type

scores

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:27:39Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00062.html

fixed_packages

url pkg:deb/debian/clamav@0.103.6%2Bdfsg-0%2Bdeb10u1

purl pkg:deb/debian/clamav@0.103.6%2Bdfsg-0%2Bdeb10u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2aju-u36p-gug9

vulnerability	VCID-4z4r-2w8m-r7dz

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-d3u3-epeb-guh9

vulnerability	VCID-dn26-zfsc-ryec

vulnerability	VCID-fp31-7krz-abbs

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-kurn-1uay-qqap

vulnerability	VCID-mdfk-5ked-t3bu

vulnerability	VCID-tzph-y73s-6qb9

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.103.6%252Bdfsg-0%252Bdeb10u1

aliases CVE-2020-3350

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-zeub-1qhs-pyfh

Fixing_vulnerabilities

url VCID-1346-uavy-pbdb

vulnerability_id VCID-1346-uavy-pbdb

summary

Multiple vulnerabilities have been found in ClamAV, the worst of
    which could result in a Denial of Service condition.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:55Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00062.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00064.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:55Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00064.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-1787

reference_id

reference_type

scores

value	0.05473
scoring_system	epss
scoring_elements	0.90157
published_at	2026-04-01T12:55:00Z

value	0.05473
scoring_system	epss
scoring_elements	0.9016
published_at	2026-04-02T12:55:00Z

value	0.05473
scoring_system	epss
scoring_elements	0.90172
published_at	2026-04-04T12:55:00Z

value	0.05473
scoring_system	epss
scoring_elements	0.90177
published_at	2026-04-07T12:55:00Z

value	0.05473
scoring_system	epss
scoring_elements	0.90193
published_at	2026-04-08T12:55:00Z

value	0.05473
scoring_system	epss
scoring_elements	0.90198
published_at	2026-04-09T12:55:00Z

value	0.05473
scoring_system	epss
scoring_elements	0.90207
published_at	2026-04-11T12:55:00Z

value	0.05473
scoring_system	epss
scoring_elements	0.90206
published_at	2026-04-12T12:55:00Z

value	0.05473
scoring_system	epss
scoring_elements	0.90201
published_at	2026-04-13T12:55:00Z

value	0.05473
scoring_system	epss
scoring_elements	0.90219
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-1787

reference_url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12181

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:55Z/

url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12181

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1787
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1787

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2019/04/msg00019.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:55Z/

url

https://lists.debian.org/debian-lts-announce/2019/04/msg00019.html

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav::::::::
reference_id	cpe:2.3:a:clamav:clamav::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-1787

reference_id

CVE-2019-1787

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-1787

reference_url

reference_id

GLSA-201904-12

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:55Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html

reference_url	https://usn.ubuntu.com/3940-1/
reference_id	USN-3940-1
reference_type
scores
url	https://usn.ubuntu.com/3940-1/

reference_url	https://usn.ubuntu.com/3940-2/
reference_id	USN-3940-2
reference_type
scores
url	https://usn.ubuntu.com/3940-2/

fixed_packages

url pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

purl pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2aju-u36p-gug9

vulnerability	VCID-4z4r-2w8m-r7dz

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-cc9p-w184-zfej

vulnerability	VCID-d3u3-epeb-guh9

vulnerability	VCID-dn26-zfsc-ryec

vulnerability	VCID-egd5-p68y-wfdy

vulnerability	VCID-fp31-7krz-abbs

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-kurn-1uay-qqap

vulnerability	VCID-mdfk-5ked-t3bu

vulnerability	VCID-mu6w-nub4-z3ef

vulnerability	VCID-new8-u5x9-nkeb

vulnerability	VCID-tzph-y73s-6qb9

vulnerability	VCID-vbmy-urt6-myha

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

vulnerability	VCID-xfzw-afgg-fqdc

vulnerability	VCID-xwgq-w8k4-xbcn

vulnerability	VCID-zeub-1qhs-pyfh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.102.3%252Bdfsg-0~deb9u1

aliases CVE-2019-1787

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-1346-uavy-pbdb

url VCID-32nc-x9aw-a3fb

vulnerability_id VCID-32nc-x9aw-a3fb

summary ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:22:32Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:22:32Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12625

reference_id

reference_type

scores

value	0.0214
scoring_system	epss
scoring_elements	0.84232
published_at	2026-04-16T12:55:00Z

value	0.0214
scoring_system	epss
scoring_elements	0.84153
published_at	2026-04-02T12:55:00Z

value	0.0214
scoring_system	epss
scoring_elements	0.84201
published_at	2026-04-09T12:55:00Z

value	0.0214
scoring_system	epss
scoring_elements	0.84219
published_at	2026-04-11T12:55:00Z

value	0.0214
scoring_system	epss
scoring_elements	0.84214
published_at	2026-04-12T12:55:00Z

value	0.0214
scoring_system	epss
scoring_elements	0.8421
published_at	2026-04-13T12:55:00Z

value	0.0214
scoring_system	epss
scoring_elements	0.8414
published_at	2026-04-01T12:55:00Z

value	0.0214
scoring_system	epss
scoring_elements	0.84171
published_at	2026-04-04T12:55:00Z

value	0.0214
scoring_system	epss
scoring_elements	0.84173
published_at	2026-04-07T12:55:00Z

value	0.0214
scoring_system	epss
scoring_elements	0.84195
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12625

reference_url

https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:22:32Z/

url

https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12625
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12625

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934359
reference_id	934359
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934359

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav::::::::
reference_id	cpe:2.3:a:clamav:clamav::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-12625

reference_id

CVE-2019-12625

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-12625

reference_url	https://usn.ubuntu.com/4146-1/
reference_id	USN-4146-1
reference_type
scores
url	https://usn.ubuntu.com/4146-1/

reference_url	https://usn.ubuntu.com/4146-2/
reference_id	USN-4146-2
reference_type
scores
url	https://usn.ubuntu.com/4146-2/

fixed_packages

url pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

purl pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2aju-u36p-gug9

vulnerability	VCID-4z4r-2w8m-r7dz

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-cc9p-w184-zfej

vulnerability	VCID-d3u3-epeb-guh9

vulnerability	VCID-dn26-zfsc-ryec

vulnerability	VCID-egd5-p68y-wfdy

vulnerability	VCID-fp31-7krz-abbs

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-kurn-1uay-qqap

vulnerability	VCID-mdfk-5ked-t3bu

vulnerability	VCID-mu6w-nub4-z3ef

vulnerability	VCID-new8-u5x9-nkeb

vulnerability	VCID-tzph-y73s-6qb9

vulnerability	VCID-vbmy-urt6-myha

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

vulnerability	VCID-xfzw-afgg-fqdc

vulnerability	VCID-xwgq-w8k4-xbcn

vulnerability	VCID-zeub-1qhs-pyfh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.102.3%252Bdfsg-0~deb9u1

aliases CVE-2019-12625

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-32nc-x9aw-a3fb

url VCID-5hnm-hz17-2bey

vulnerability_id VCID-5hnm-hz17-2bey

summary

Multiple vulnerabilities have been found in ClamAV, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-15961

reference_id

reference_type

scores

value	0.02206
scoring_system	epss
scoring_elements	0.84373
published_at	2026-04-01T12:55:00Z

value	0.02206
scoring_system	epss
scoring_elements	0.84388
published_at	2026-04-02T12:55:00Z

value	0.02206
scoring_system	epss
scoring_elements	0.84408
published_at	2026-04-04T12:55:00Z

value	0.02206
scoring_system	epss
scoring_elements	0.84411
published_at	2026-04-07T12:55:00Z

value	0.02206
scoring_system	epss
scoring_elements	0.84432
published_at	2026-04-08T12:55:00Z

value	0.02206
scoring_system	epss
scoring_elements	0.84437
published_at	2026-04-09T12:55:00Z

value	0.02206
scoring_system	epss
scoring_elements	0.84456
published_at	2026-04-11T12:55:00Z

value	0.02206
scoring_system	epss
scoring_elements	0.8445
published_at	2026-04-12T12:55:00Z

value	0.02206
scoring_system	epss
scoring_elements	0.84446
published_at	2026-04-13T12:55:00Z

value	0.02206
scoring_system	epss
scoring_elements	0.84468
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-15961

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15961
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-15961

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945265
reference_id	945265
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=945265

reference_url

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010

reference_id

CSCvr56010

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:22:50Z/

url

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010

reference_url

reference_id

GLSA-202003-46

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:22:50Z/

url

https://lists.debian.org/debian-lts-announce/2020/02/msg00016.html

reference_url

reference_id

msg00016.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:22:50Z/

url

https://lists.debian.org/debian-lts-announce/2020/02/msg00016.html

reference_url

https://bugzilla.clamav.net/show_bug.cgi?id=12380

reference_id

show_bug.cgi?id=12380

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:22:50Z/

url

https://bugzilla.clamav.net/show_bug.cgi?id=12380

reference_url	https://usn.ubuntu.com/4230-1/
reference_id	USN-4230-1
reference_type
scores
url	https://usn.ubuntu.com/4230-1/

reference_url

https://usn.ubuntu.com/4230-2/

reference_id

USN-4230-2

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:22:50Z/

url

https://usn.ubuntu.com/4230-2/

fixed_packages

url pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

purl pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2aju-u36p-gug9

vulnerability	VCID-4z4r-2w8m-r7dz

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-cc9p-w184-zfej

vulnerability	VCID-d3u3-epeb-guh9

vulnerability	VCID-dn26-zfsc-ryec

vulnerability	VCID-egd5-p68y-wfdy

vulnerability	VCID-fp31-7krz-abbs

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-kurn-1uay-qqap

vulnerability	VCID-mdfk-5ked-t3bu

vulnerability	VCID-mu6w-nub4-z3ef

vulnerability	VCID-new8-u5x9-nkeb

vulnerability	VCID-tzph-y73s-6qb9

vulnerability	VCID-vbmy-urt6-myha

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

vulnerability	VCID-xfzw-afgg-fqdc

vulnerability	VCID-xwgq-w8k4-xbcn

vulnerability	VCID-zeub-1qhs-pyfh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.102.3%252Bdfsg-0~deb9u1

aliases CVE-2019-15961

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-5hnm-hz17-2bey

url VCID-7dcd-v8q9-b3bv

vulnerability_id VCID-7dcd-v8q9-b3bv

summary

Multiple vulnerabilities have been found in ClamAV, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-15378

reference_id

reference_type

scores

value	0.01624
scoring_system	epss
scoring_elements	0.81783
published_at	2026-04-01T12:55:00Z

value	0.01624
scoring_system	epss
scoring_elements	0.81817
published_at	2026-04-04T12:55:00Z

value	0.01624
scoring_system	epss
scoring_elements	0.81814
published_at	2026-04-07T12:55:00Z

value	0.01624
scoring_system	epss
scoring_elements	0.8184
published_at	2026-04-08T12:55:00Z

value	0.01624
scoring_system	epss
scoring_elements	0.81847
published_at	2026-04-09T12:55:00Z

value	0.01624
scoring_system	epss
scoring_elements	0.81866
published_at	2026-04-11T12:55:00Z

value	0.01624
scoring_system	epss
scoring_elements	0.81854
published_at	2026-04-12T12:55:00Z

value	0.01624
scoring_system	epss
scoring_elements	0.81849
published_at	2026-04-13T12:55:00Z

value	0.01624
scoring_system	epss
scoring_elements	0.81886
published_at	2026-04-16T12:55:00Z

value	0.01624
scoring_system	epss
scoring_elements	0.81794
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-15378

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15378
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-15378

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://secuniaresearch.flexerasoftware.com/advisories/83000/

reference_id

83000

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T18:47:40Z/

url

https://secuniaresearch.flexerasoftware.com/advisories/83000/

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910430
reference_id	910430
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=910430

reference_url

reference_id

GLSA-201904-12

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T18:47:40Z/

url

https://lists.debian.org/debian-lts-announce/2018/10/msg00014.html

reference_url

reference_id

msg00014.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T18:47:40Z/

url

https://lists.debian.org/debian-lts-announce/2018/10/msg00014.html

reference_url

https://bugzilla.clamav.net/show_bug.cgi?id=12170

reference_id

show_bug.cgi?id=12170

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T18:47:40Z/

url

https://bugzilla.clamav.net/show_bug.cgi?id=12170

reference_url

https://www.flexera.com/company/secunia-research/advisories/SR-2018-23.html

reference_id

SR-2018-23.html

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T18:47:40Z/

url

https://www.flexera.com/company/secunia-research/advisories/SR-2018-23.html

reference_url

https://usn.ubuntu.com/3789-1/

reference_id

USN-3789-1

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T18:47:40Z/

url

https://usn.ubuntu.com/3789-1/

reference_url

https://usn.ubuntu.com/3789-2/

reference_id

USN-3789-2

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-25T18:47:40Z/

url

https://usn.ubuntu.com/3789-2/

fixed_packages

url pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

purl pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2aju-u36p-gug9

vulnerability	VCID-4z4r-2w8m-r7dz

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-cc9p-w184-zfej

vulnerability	VCID-d3u3-epeb-guh9

vulnerability	VCID-dn26-zfsc-ryec

vulnerability	VCID-egd5-p68y-wfdy

vulnerability	VCID-fp31-7krz-abbs

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-kurn-1uay-qqap

vulnerability	VCID-mdfk-5ked-t3bu

vulnerability	VCID-mu6w-nub4-z3ef

vulnerability	VCID-new8-u5x9-nkeb

vulnerability	VCID-tzph-y73s-6qb9

vulnerability	VCID-vbmy-urt6-myha

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

vulnerability	VCID-xfzw-afgg-fqdc

vulnerability	VCID-xwgq-w8k4-xbcn

vulnerability	VCID-zeub-1qhs-pyfh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.102.3%252Bdfsg-0~deb9u1

aliases CVE-2018-15378

risk_score 1.9

exploitability 0.5

weighted_severity 3.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-7dcd-v8q9-b3bv

url VCID-8s2g-2brb-tfhq

vulnerability_id VCID-8s2g-2brb-tfhq

summary

Multiple vulnerabilities have been found in ClamAV, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-1786

reference_id

reference_type

scores

value	0.03741
scoring_system	epss
scoring_elements	0.87954
published_at	2026-04-01T12:55:00Z

value	0.03741
scoring_system	epss
scoring_elements	0.87964
published_at	2026-04-02T12:55:00Z

value	0.03741
scoring_system	epss
scoring_elements	0.87978
published_at	2026-04-04T12:55:00Z

value	0.03741
scoring_system	epss
scoring_elements	0.87982
published_at	2026-04-07T12:55:00Z

value	0.03741
scoring_system	epss
scoring_elements	0.88002
published_at	2026-04-08T12:55:00Z

value	0.03741
scoring_system	epss
scoring_elements	0.88009
published_at	2026-04-09T12:55:00Z

value	0.03741
scoring_system	epss
scoring_elements	0.8802
published_at	2026-04-11T12:55:00Z

value	0.03741
scoring_system	epss
scoring_elements	0.88013
published_at	2026-04-13T12:55:00Z

value	0.03741
scoring_system	epss
scoring_elements	0.88027
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-1786

reference_url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12149

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:57Z/

url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12149

reference_url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12168

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:57Z/

url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12168

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1786
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1786

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav:0.101.0:::::::*
reference_id	cpe:2.3:a:clamav:clamav:0.101.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav:0.101.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav:0.101.1:::::::*
reference_id	cpe:2.3:a:clamav:clamav:0.101.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav:0.101.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-1786

reference_id

CVE-2019-1786

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-1786

reference_url

reference_id

GLSA-201904-12

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:57Z/

url

https://api.first.org/data/v1/epss?cve=CVE-2019-1789

fixed_packages

url pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

purl pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2aju-u36p-gug9

vulnerability	VCID-4z4r-2w8m-r7dz

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-cc9p-w184-zfej

vulnerability	VCID-d3u3-epeb-guh9

vulnerability	VCID-dn26-zfsc-ryec

vulnerability	VCID-egd5-p68y-wfdy

vulnerability	VCID-fp31-7krz-abbs

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-kurn-1uay-qqap

vulnerability	VCID-mdfk-5ked-t3bu

vulnerability	VCID-mu6w-nub4-z3ef

vulnerability	VCID-new8-u5x9-nkeb

vulnerability	VCID-tzph-y73s-6qb9

vulnerability	VCID-vbmy-urt6-myha

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

vulnerability	VCID-xfzw-afgg-fqdc

vulnerability	VCID-xwgq-w8k4-xbcn

vulnerability	VCID-zeub-1qhs-pyfh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.102.3%252Bdfsg-0~deb9u1

aliases CVE-2019-1786

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-8s2g-2brb-tfhq

url VCID-a4nz-5cr8-13an

vulnerability_id VCID-a4nz-5cr8-13an

summary

Multiple vulnerabilities have been found in ClamAV, the worst of
    which could result in a Denial of Service condition.

references

reference_url

reference_id

reference_type

scores

value	0.00596
scoring_system	epss
scoring_elements	0.69388
published_at	2026-04-16T12:55:00Z

value	0.00596
scoring_system	epss
scoring_elements	0.69357
published_at	2026-04-09T12:55:00Z

value	0.00596
scoring_system	epss
scoring_elements	0.69379
published_at	2026-04-11T12:55:00Z

value	0.00596
scoring_system	epss
scoring_elements	0.69363
published_at	2026-04-12T12:55:00Z

value	0.00596
scoring_system	epss
scoring_elements	0.6935
published_at	2026-04-13T12:55:00Z

value	0.00596
scoring_system	epss
scoring_elements	0.6928
published_at	2026-04-01T12:55:00Z

value	0.00596
scoring_system	epss
scoring_elements	0.69293
published_at	2026-04-02T12:55:00Z

value	0.00596
scoring_system	epss
scoring_elements	0.6931
published_at	2026-04-04T12:55:00Z

value	0.00596
scoring_system	epss
scoring_elements	0.6929
published_at	2026-04-07T12:55:00Z

value	0.00596
scoring_system	epss
scoring_elements	0.6934
published_at	2026-04-08T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-1789

reference_url

https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:22:31Z/

url

https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1789
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1789

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav::::::::
reference_id	cpe:2.3:a:clamav:clamav::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-1789

reference_id

CVE-2019-1789

reference_type

scores

value	5.0
scoring_system	cvssv2
scoring_elements	AV:N/AC:L/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-1789

reference_url	https://security.gentoo.org/glsa/201904-12
reference_id	GLSA-201904-12
reference_type
scores
url	https://security.gentoo.org/glsa/201904-12

reference_url	https://usn.ubuntu.com/3940-1/
reference_id	USN-3940-1
reference_type
scores
url	https://usn.ubuntu.com/3940-1/

reference_url	https://usn.ubuntu.com/3940-2/
reference_id	USN-3940-2
reference_type
scores
url	https://usn.ubuntu.com/3940-2/

fixed_packages

url pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

purl pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2aju-u36p-gug9

vulnerability	VCID-4z4r-2w8m-r7dz

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-cc9p-w184-zfej

vulnerability	VCID-d3u3-epeb-guh9

vulnerability	VCID-dn26-zfsc-ryec

vulnerability	VCID-egd5-p68y-wfdy

vulnerability	VCID-fp31-7krz-abbs

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-kurn-1uay-qqap

vulnerability	VCID-mdfk-5ked-t3bu

vulnerability	VCID-mu6w-nub4-z3ef

vulnerability	VCID-new8-u5x9-nkeb

vulnerability	VCID-tzph-y73s-6qb9

vulnerability	VCID-vbmy-urt6-myha

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

vulnerability	VCID-xfzw-afgg-fqdc

vulnerability	VCID-xwgq-w8k4-xbcn

vulnerability	VCID-zeub-1qhs-pyfh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.102.3%252Bdfsg-0~deb9u1

aliases CVE-2019-1789

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-a4nz-5cr8-13an

url VCID-h46v-x33x-t3ep

vulnerability_id VCID-h46v-x33x-t3ep

summary

Multiple vulnerabilities have been found in ClamAV, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-0360

reference_id

reference_type

scores

value	0.01215
scoring_system	epss
scoring_elements	0.78974
published_at	2026-04-01T12:55:00Z

value	0.01215
scoring_system	epss
scoring_elements	0.78981
published_at	2026-04-02T12:55:00Z

value	0.01215
scoring_system	epss
scoring_elements	0.79006
published_at	2026-04-04T12:55:00Z

value	0.01215
scoring_system	epss
scoring_elements	0.78991
published_at	2026-04-07T12:55:00Z

value	0.01215
scoring_system	epss
scoring_elements	0.79015
published_at	2026-04-08T12:55:00Z

value	0.01215
scoring_system	epss
scoring_elements	0.79022
published_at	2026-04-09T12:55:00Z

value	0.01215
scoring_system	epss
scoring_elements	0.79046
published_at	2026-04-11T12:55:00Z

value	0.01215
scoring_system	epss
scoring_elements	0.7903
published_at	2026-04-12T12:55:00Z

value	0.01215
scoring_system	epss
scoring_elements	0.7902
published_at	2026-04-13T12:55:00Z

value	0.01215
scoring_system	epss
scoring_elements	0.79048
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-0360

reference_url

https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-29T14:37:29Z/

url

https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0360
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0360

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2018/08/msg00020.html

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-29T14:37:29Z/

url

https://lists.debian.org/debian-lts-announce/2018/08/msg00020.html

reference_url

https://secuniaresearch.flexerasoftware.com/secunia_research/2018-12/

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-29T14:37:29Z/

url

https://secuniaresearch.flexerasoftware.com/secunia_research/2018-12/

reference_url

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-29T14:37:29Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2018-0360

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav::::::::
reference_id	cpe:2.3:a:clamav:clamav::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:12.04::::esm:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_id	cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:18.04::::lts:::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

reference_id

CVE-2018-0360

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	5.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2018-0360

reference_url

reference_id

GLSA-201904-12

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-29T14:37:29Z/

url

https://usn.ubuntu.com/3722-1/

reference_url

reference_id

USN-3722-1

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-29T14:37:29Z/

url

https://usn.ubuntu.com/3722-1/

reference_url

https://usn.ubuntu.com/3722-2/

reference_id

USN-3722-2

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-29T14:37:29Z/

url

https://usn.ubuntu.com/3722-2/

fixed_packages

url pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

purl pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2aju-u36p-gug9

vulnerability	VCID-4z4r-2w8m-r7dz

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-cc9p-w184-zfej

vulnerability	VCID-d3u3-epeb-guh9

vulnerability	VCID-dn26-zfsc-ryec

vulnerability	VCID-egd5-p68y-wfdy

vulnerability	VCID-fp31-7krz-abbs

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-kurn-1uay-qqap

vulnerability	VCID-mdfk-5ked-t3bu

vulnerability	VCID-mu6w-nub4-z3ef

vulnerability	VCID-new8-u5x9-nkeb

vulnerability	VCID-tzph-y73s-6qb9

vulnerability	VCID-vbmy-urt6-myha

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

vulnerability	VCID-xfzw-afgg-fqdc

vulnerability	VCID-xwgq-w8k4-xbcn

vulnerability	VCID-zeub-1qhs-pyfh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.102.3%252Bdfsg-0~deb9u1

aliases CVE-2018-0360

risk_score 2.5

exploitability 0.5

weighted_severity 5.0

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-h46v-x33x-t3ep

url VCID-mufb-kvfq-mubz

vulnerability_id VCID-mufb-kvfq-mubz

summary

Multiple vulnerabilities have been found in ClamAV, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-1785

reference_id

reference_type

scores

value	0.00303
scoring_system	epss
scoring_elements	0.53517
published_at	2026-04-01T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53566
published_at	2026-04-04T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53535
published_at	2026-04-07T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53585
published_at	2026-04-08T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53581
published_at	2026-04-09T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53631
published_at	2026-04-11T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53613
published_at	2026-04-12T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53596
published_at	2026-04-13T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.53633
published_at	2026-04-16T12:55:00Z

value	0.00303
scoring_system	epss
scoring_elements	0.5354
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-1785

reference_url

https://bugzilla.clamav.net/show_bug.cgi?id=12284

reference_id

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-19T17:21:23Z/

url

https://bugzilla.clamav.net/show_bug.cgi?id=12284

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1785
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1785

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav:0.101.0:::::::*
reference_id	cpe:2.3:a:clamav:clamav:0.101.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav:0.101.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav:0.101.1:::::::*
reference_id	cpe:2.3:a:clamav:clamav:0.101.1:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav:0.101.1:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-1785

reference_id

CVE-2019-1785

reference_type

scores

value	6.8
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:P/I:P/A:P

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	7.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-1785

reference_url

reference_id

GLSA-201904-12

reference_type

scores

value	9.8
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2024-11-19T17:21:23Z/

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12900.json

fixed_packages

url pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

purl pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2aju-u36p-gug9

vulnerability	VCID-4z4r-2w8m-r7dz

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-cc9p-w184-zfej

vulnerability	VCID-d3u3-epeb-guh9

vulnerability	VCID-dn26-zfsc-ryec

vulnerability	VCID-egd5-p68y-wfdy

vulnerability	VCID-fp31-7krz-abbs

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-kurn-1uay-qqap

vulnerability	VCID-mdfk-5ked-t3bu

vulnerability	VCID-mu6w-nub4-z3ef

vulnerability	VCID-new8-u5x9-nkeb

vulnerability	VCID-tzph-y73s-6qb9

vulnerability	VCID-vbmy-urt6-myha

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

vulnerability	VCID-xfzw-afgg-fqdc

vulnerability	VCID-xwgq-w8k4-xbcn

vulnerability	VCID-zeub-1qhs-pyfh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.102.3%252Bdfsg-0~deb9u1

aliases CVE-2019-1785

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-mufb-kvfq-mubz

url VCID-n51n-m2r7-kbdy

vulnerability_id VCID-n51n-m2r7-kbdy

summary bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail).

references

reference_url

reference_id

reference_type

scores

value	4.4
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2019-12900.json

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-12900

reference_id

reference_type

scores

value	0.01111
scoring_system	epss
scoring_elements	0.7818
published_at	2026-04-16T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78146
published_at	2026-04-13T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.7815
published_at	2026-04-12T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78168
published_at	2026-04-11T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78143
published_at	2026-04-09T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78137
published_at	2026-04-08T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78111
published_at	2026-04-07T12:55:00Z

value	0.01111
scoring_system	epss
scoring_elements	0.78129
published_at	2026-04-04T12:55:00Z

value	0.01132
scoring_system	epss
scoring_elements	0.78283
published_at	2026-04-01T12:55:00Z

value	0.01132
scoring_system	epss
scoring_elements	0.7829
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-12900

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12900

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.4
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2332075
reference_id	2332075
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2332075

reference_url

https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc

reference_id

74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/

url

https://gitlab.com/federicomenaquintero/bzip2/commit/74de1e2e6ffc9d51ef9824db71a8ffee5962cdbc

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930886
reference_id	930886
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=930886

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934359
reference_id	934359
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=934359

reference_url

https://support.f5.com/csp/article/K68713584?utm_source=f5support&amp%3Butm_medium=RSS

reference_id

K68713584?utm_source=f5support&amp%3Butm_medium=RSS

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/

url

https://support.f5.com/csp/article/K68713584?utm_source=f5support&amp%3Butm_medium=RSS

reference_url

https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html

reference_id

msg00012.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/

url

https://lists.debian.org/debian-lts-announce/2019/10/msg00012.html

reference_url

https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html

reference_id

msg00014.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/

url

https://lists.debian.org/debian-lts-announce/2019/07/msg00014.html

reference_url

https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html

reference_id

msg00018.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/

url

https://lists.debian.org/debian-lts-announce/2019/10/msg00018.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html

reference_id

msg00040.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00040.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html

reference_id

msg00050.html

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-08/msg00050.html

reference_url

https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E

reference_id

rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/

url

https://lists.apache.org/thread.html/rce8cd8c30f60604b580ea01bebda8a671a25c9a1629f409fc24e7774%40%3Cuser.flink.apache.org%3E

reference_url

https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E

reference_id

rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/

url

https://lists.apache.org/thread.html/rda98305669476c4d90cc8527c4deda7e449019dd1fe9936b56671dd4%40%3Cuser.flink.apache.org%3E

reference_url	https://access.redhat.com/errata/RHSA-2024:10803
reference_id	RHSA-2024:10803
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:10803

reference_url	https://access.redhat.com/errata/RHSA-2024:8922
reference_id	RHSA-2024:8922
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2024:8922

reference_url	https://access.redhat.com/errata/RHSA-2025:0733
reference_id	RHSA-2025:0733
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0733

reference_url	https://access.redhat.com/errata/RHSA-2025:0925
reference_id	RHSA-2025:0925
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:0925

reference_url	https://access.redhat.com/errata/RHSA-2025:1154
reference_id	RHSA-2025:1154
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2025:1154

reference_url

https://usn.ubuntu.com/4038-1/

reference_id

USN-4038-1

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/

url

https://usn.ubuntu.com/4038-1/

reference_url

https://usn.ubuntu.com/4038-2/

reference_id

USN-4038-2

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/

url

https://usn.ubuntu.com/4038-2/

reference_url

https://usn.ubuntu.com/4146-1/

reference_id

USN-4146-1

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/

url

https://usn.ubuntu.com/4146-1/

reference_url

https://usn.ubuntu.com/4146-2/

reference_id

USN-4146-2

reference_type

scores

value	9.8
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:T/P:M/B:A/M:M/D:T/2025-06-09T15:54:12Z/

url

https://usn.ubuntu.com/4146-2/

fixed_packages

url pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

purl pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2aju-u36p-gug9

vulnerability	VCID-4z4r-2w8m-r7dz

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-cc9p-w184-zfej

vulnerability	VCID-d3u3-epeb-guh9

vulnerability	VCID-dn26-zfsc-ryec

vulnerability	VCID-egd5-p68y-wfdy

vulnerability	VCID-fp31-7krz-abbs

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-kurn-1uay-qqap

vulnerability	VCID-mdfk-5ked-t3bu

vulnerability	VCID-mu6w-nub4-z3ef

vulnerability	VCID-new8-u5x9-nkeb

vulnerability	VCID-tzph-y73s-6qb9

vulnerability	VCID-vbmy-urt6-myha

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

vulnerability	VCID-xfzw-afgg-fqdc

vulnerability	VCID-xwgq-w8k4-xbcn

vulnerability	VCID-zeub-1qhs-pyfh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.102.3%252Bdfsg-0~deb9u1

aliases CVE-2019-12900

risk_score 4.4

exploitability 0.5

weighted_severity 8.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-n51n-m2r7-kbdy

url VCID-nu3x-4yc8-ufg6

vulnerability_id VCID-nu3x-4yc8-ufg6

summary

Multiple vulnerabilities have been found in ClamAV, the worst of
    which could result in a Denial of Service condition.

references

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2018-0361

reference_id

reference_type

scores

value	0.00719
scoring_system	epss
scoring_elements	0.72399
published_at	2026-04-01T12:55:00Z

value	0.00719
scoring_system	epss
scoring_elements	0.724
published_at	2026-04-07T12:55:00Z

value	0.00719
scoring_system	epss
scoring_elements	0.72438
published_at	2026-04-08T12:55:00Z

value	0.00719
scoring_system	epss
scoring_elements	0.72451
published_at	2026-04-09T12:55:00Z

value	0.00719
scoring_system	epss
scoring_elements	0.72474
published_at	2026-04-11T12:55:00Z

value	0.00719
scoring_system	epss
scoring_elements	0.72456
published_at	2026-04-12T12:55:00Z

value	0.00719
scoring_system	epss
scoring_elements	0.72446
published_at	2026-04-13T12:55:00Z

value	0.00719
scoring_system	epss
scoring_elements	0.72488
published_at	2026-04-16T12:55:00Z

value	0.00719
scoring_system	epss
scoring_elements	0.72404
published_at	2026-04-02T12:55:00Z

value	0.00719
scoring_system	epss
scoring_elements	0.72422
published_at	2026-04-04T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2018-0361

reference_url

https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-29T14:37:27Z/

url

https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0361
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0361

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	5.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2018/08/msg00020.html

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-29T14:37:27Z/

url

https://lists.debian.org/debian-lts-announce/2018/08/msg00020.html

reference_url

reference_id

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-29T14:37:27Z/

url

https://nvd.nist.gov/vuln/detail/CVE-2018-0361

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav::::::::
reference_id	cpe:2.3:a:clamav:clamav::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url

reference_id

CVE-2018-0361

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	3.3
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L

url

https://nvd.nist.gov/vuln/detail/CVE-2018-0361

reference_url

reference_id

GLSA-201904-12

reference_type

scores

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-11-29T14:37:27Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00062.html

reference_url	https://usn.ubuntu.com/3722-1/
reference_id	USN-3722-1
reference_type
scores
url	https://usn.ubuntu.com/3722-1/

reference_url	https://usn.ubuntu.com/3722-2/
reference_id	USN-3722-2
reference_type
scores
url	https://usn.ubuntu.com/3722-2/

fixed_packages

url pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

purl pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2aju-u36p-gug9

vulnerability	VCID-4z4r-2w8m-r7dz

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-cc9p-w184-zfej

vulnerability	VCID-d3u3-epeb-guh9

vulnerability	VCID-dn26-zfsc-ryec

vulnerability	VCID-egd5-p68y-wfdy

vulnerability	VCID-fp31-7krz-abbs

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-kurn-1uay-qqap

vulnerability	VCID-mdfk-5ked-t3bu

vulnerability	VCID-mu6w-nub4-z3ef

vulnerability	VCID-new8-u5x9-nkeb

vulnerability	VCID-tzph-y73s-6qb9

vulnerability	VCID-vbmy-urt6-myha

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

vulnerability	VCID-xfzw-afgg-fqdc

vulnerability	VCID-xwgq-w8k4-xbcn

vulnerability	VCID-zeub-1qhs-pyfh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.102.3%252Bdfsg-0~deb9u1

aliases CVE-2018-0361

risk_score 1.9

exploitability 0.5

weighted_severity 3.9

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-nu3x-4yc8-ufg6

url VCID-p5hg-2rdb-z3hq

vulnerability_id VCID-p5hg-2rdb-z3hq

summary

Multiple vulnerabilities have been found in ClamAV, the worst of
    which could result in a Denial of Service condition.

references

reference_url

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:54Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00062.html

reference_url

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00064.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:54Z/

url

http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00064.html

reference_url

https://api.first.org/data/v1/epss?cve=CVE-2019-1788

reference_id

reference_type

scores

value	0.09531
scoring_system	epss
scoring_elements	0.92856
published_at	2026-04-16T12:55:00Z

value	0.09531
scoring_system	epss
scoring_elements	0.92827
published_at	2026-04-02T12:55:00Z

value	0.09531
scoring_system	epss
scoring_elements	0.9283
published_at	2026-04-04T12:55:00Z

value	0.09531
scoring_system	epss
scoring_elements	0.92829
published_at	2026-04-07T12:55:00Z

value	0.09531
scoring_system	epss
scoring_elements	0.92838
published_at	2026-04-08T12:55:00Z

value	0.09531
scoring_system	epss
scoring_elements	0.92841
published_at	2026-04-09T12:55:00Z

value	0.09531
scoring_system	epss
scoring_elements	0.92846
published_at	2026-04-13T12:55:00Z

value	0.09531
scoring_system	epss
scoring_elements	0.9282
published_at	2026-04-01T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-1788

reference_url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12166

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:54Z/

url

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12166

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1788
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1788

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	8.2
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url

https://lists.debian.org/debian-lts-announce/2019/04/msg00019.html

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:54Z/

url

https://lists.debian.org/debian-lts-announce/2019/04/msg00019.html

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav::::::::
reference_id	cpe:2.3:a:clamav:clamav::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav::::::::

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_id	cpe:2.3:o:debian:debian_linux:8.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:8.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_id	cpe:2.3:o:opensuse:leap:15.0:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:15.0:::::::*

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_id	cpe:2.3:o:opensuse:leap:42.3:::::::*
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:opensuse:leap:42.3:::::::*

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-1788

reference_id

CVE-2019-1788

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-1788

reference_url

reference_id

GLSA-201904-12

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:54Z/

url

https://api.first.org/data/v1/epss?cve=CVE-2019-1798

reference_url	https://usn.ubuntu.com/3940-1/
reference_id	USN-3940-1
reference_type
scores
url	https://usn.ubuntu.com/3940-1/

reference_url	https://usn.ubuntu.com/3940-2/
reference_id	USN-3940-2
reference_type
scores
url	https://usn.ubuntu.com/3940-2/

fixed_packages

url pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

purl pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2aju-u36p-gug9

vulnerability	VCID-4z4r-2w8m-r7dz

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-cc9p-w184-zfej

vulnerability	VCID-d3u3-epeb-guh9

vulnerability	VCID-dn26-zfsc-ryec

vulnerability	VCID-egd5-p68y-wfdy

vulnerability	VCID-fp31-7krz-abbs

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-kurn-1uay-qqap

vulnerability	VCID-mdfk-5ked-t3bu

vulnerability	VCID-mu6w-nub4-z3ef

vulnerability	VCID-new8-u5x9-nkeb

vulnerability	VCID-tzph-y73s-6qb9

vulnerability	VCID-vbmy-urt6-myha

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

vulnerability	VCID-xfzw-afgg-fqdc

vulnerability	VCID-xwgq-w8k4-xbcn

vulnerability	VCID-zeub-1qhs-pyfh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.102.3%252Bdfsg-0~deb9u1

aliases CVE-2019-1788

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-p5hg-2rdb-z3hq

url VCID-qacw-bby8-9kdg

vulnerability_id VCID-qacw-bby8-9kdg

summary

Multiple vulnerabilities have been found in ClamAV, the worst of
    which could result in a Denial of Service condition.

references

reference_url

reference_id

reference_type

scores

value	0.01577
scoring_system	epss
scoring_elements	0.81492
published_at	2026-04-01T12:55:00Z

value	0.01577
scoring_system	epss
scoring_elements	0.81525
published_at	2026-04-04T12:55:00Z

value	0.01577
scoring_system	epss
scoring_elements	0.81523
published_at	2026-04-07T12:55:00Z

value	0.01577
scoring_system	epss
scoring_elements	0.81551
published_at	2026-04-08T12:55:00Z

value	0.01577
scoring_system	epss
scoring_elements	0.81556
published_at	2026-04-09T12:55:00Z

value	0.01577
scoring_system	epss
scoring_elements	0.81576
published_at	2026-04-11T12:55:00Z

value	0.01577
scoring_system	epss
scoring_elements	0.81564
published_at	2026-04-12T12:55:00Z

value	0.01577
scoring_system	epss
scoring_elements	0.81557
published_at	2026-04-13T12:55:00Z

value	0.01577
scoring_system	epss
scoring_elements	0.81594
published_at	2026-04-16T12:55:00Z

value	0.01577
scoring_system	epss
scoring_elements	0.81503
published_at	2026-04-02T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2019-1798

reference_url

https://bugzilla.clamav.net/show_bug.cgi?id=12262

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:52Z/

url

https://bugzilla.clamav.net/show_bug.cgi?id=12262

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1798
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1798

reference_url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

reference_url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav::::::::
reference_id	cpe:2.3:a:clamav:clamav::::::::
reference_type
scores
url	https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:clamav:clamav::::::::

reference_url

https://nvd.nist.gov/vuln/detail/CVE-2019-1798

reference_id

CVE-2019-1798

reference_type

scores

value	4.3
scoring_system	cvssv2
scoring_elements	AV:N/AC:M/Au:N/C:N/I:N/A:P

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	5.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

url

https://nvd.nist.gov/vuln/detail/CVE-2019-1798

reference_url

reference_id

GLSA-201904-12

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-19T17:24:52Z/

url

https://api.first.org/data/v1/epss?cve=CVE-2020-3123

fixed_packages

url pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

purl pkg:deb/debian/clamav@0.102.3%2Bdfsg-0~deb9u1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2aju-u36p-gug9

vulnerability	VCID-4z4r-2w8m-r7dz

vulnerability	VCID-63vt-1nc8-6kfc

vulnerability	VCID-cc9p-w184-zfej

vulnerability	VCID-d3u3-epeb-guh9

vulnerability	VCID-dn26-zfsc-ryec

vulnerability	VCID-egd5-p68y-wfdy

vulnerability	VCID-fp31-7krz-abbs

vulnerability	VCID-ggz7-h35v-p7ep

vulnerability	VCID-kurn-1uay-qqap

vulnerability	VCID-mdfk-5ked-t3bu

vulnerability	VCID-mu6w-nub4-z3ef

vulnerability	VCID-new8-u5x9-nkeb

vulnerability	VCID-tzph-y73s-6qb9

vulnerability	VCID-vbmy-urt6-myha

vulnerability	VCID-vdhk-r67a-s3fr

vulnerability	VCID-wjvc-p75d-p3a9

vulnerability	VCID-xfzw-afgg-fqdc

vulnerability	VCID-xwgq-w8k4-xbcn

vulnerability	VCID-zeub-1qhs-pyfh

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/clamav@0.102.3%252Bdfsg-0~deb9u1

aliases CVE-2019-1798

risk_score 3.4

exploitability 0.5

weighted_severity 6.8

resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-qacw-bby8-9kdg

url VCID-u3pj-kant-effb

vulnerability_id VCID-u3pj-kant-effb

summary

Multiple vulnerabilities have been found in ClamAV, the worst of
    which could result in a Denial of Service condition.

references

reference_url

reference_id

reference_type

scores

value	0.02399
scoring_system	epss
scoring_elements	0.84973
published_at	2026-04-01T12:55:00Z

value	0.02399
scoring_system	epss
scoring_elements	0.84987
published_at	2026-04-02T12:55:00Z

value	0.02399
scoring_system	epss
scoring_elements	0.85004
published_at	2026-04-04T12:55:00Z

value	0.02399
scoring_system	epss
scoring_elements	0.85009
published_at	2026-04-07T12:55:00Z

value	0.02399
scoring_system	epss
scoring_elements	0.85031
published_at	2026-04-08T12:55:00Z

value	0.02399
scoring_system	epss
scoring_elements	0.85038
published_at	2026-04-09T12:55:00Z

value	0.02399
scoring_system	epss
scoring_elements	0.85054
published_at	2026-04-11T12:55:00Z

value	0.02399
scoring_system	epss
scoring_elements	0.85053
published_at	2026-04-12T12:55:00Z

value	0.02399
scoring_system	epss
scoring_elements	0.85049
published_at	2026-04-13T12:55:00Z

value	0.02399
scoring_system	epss
scoring_elements	0.8507
published_at	2026-04-16T12:55:00Z

url

https://api.first.org/data/v1/epss?cve=CVE-2020-3123

reference_url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3123
reference_id
reference_type
scores
url	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3123

reference_url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950944
reference_id	950944
reference_type
scores
url	https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=950944

reference_url

https://security.archlinux.org/AVG-1168

reference_id

AVG-1168

reference_type

scores

value	High
scoring_system	archlinux
scoring_elements

url

https://security.archlinux.org/AVG-1168

reference_url

https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html

reference_id

clamav-01022-security-patch-released.html

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:22:29Z/

url

https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html

reference_url

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs59062

reference_id

CSCvs59062

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:22:29Z/

url

https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs59062

reference_url

reference_id

GLSA-202003-46

reference_type

scores

value	7.5
scoring_system	cvssv3.1
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

value	Track
scoring_system	ssvc
scoring_elements	SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-11-15T16:22:29Z/

url