Staging Environment: Content and features may be unstable or change without notice.
Search for packages
Package details: pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1
purl pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1
Next non-vulnerable version 1.4.4+dfsg-1
Latest non-vulnerable version 1.4.4+dfsg-1
Risk 4.5
Vulnerabilities affecting this package (5)
Vulnerability Summary Fixed by
VCID-5kba-63mx-hya7
Aliases:
CVE-2026-20031
A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process.
1.4.4+dfsg-1
Affected by 0 other vulnerabilities.
VCID-63vt-1nc8-6kfc
Aliases:
CVE-2025-20260
A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process.
1.4.3+dfsg-1~deb12u2
Affected by 1 other vulnerability.
VCID-ggz7-h35v-p7ep
Aliases:
CVE-2024-20505
Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution.
1.4.3+dfsg-1~deb12u2
Affected by 1 other vulnerability.
VCID-vdhk-r67a-s3fr
Aliases:
CVE-2025-20128
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
1.4.3+dfsg-1~deb12u2
Affected by 1 other vulnerability.
VCID-wjvc-p75d-p3a9
Aliases:
CVE-2024-20506
Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution.
1.4.3+dfsg-1~deb12u2
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (8)
Vulnerability Summary Aliases
VCID-2aju-u36p-gug9 Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. CVE-2022-20796
VCID-4z4r-2w8m-r7dz Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. CVE-2023-20032
VCID-d3u3-epeb-guh9 Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. CVE-2023-20052
VCID-dn26-zfsc-ryec Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. CVE-2022-20785
VCID-fp31-7krz-abbs Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. CVE-2022-20770
VCID-kurn-1uay-qqap Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. CVE-2022-20792
VCID-mdfk-5ked-t3bu Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution. CVE-2023-20197
VCID-tzph-y73s-6qb9 Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. CVE-2022-20771

Date Actor Action Vulnerability Source VulnerableCode Version
2026-04-16T12:53:15.123230+00:00 Debian Importer Affected by VCID-5kba-63mx-hya7 https://security-tracker.debian.org/tracker/data/json 38.4.0
2026-04-16T00:06:56.714432+00:00 Debian Oval Importer Fixing VCID-tzph-y73s-6qb9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T23:05:11.187412+00:00 Debian Oval Importer Fixing VCID-4z4r-2w8m-r7dz https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T20:52:54.677088+00:00 Debian Oval Importer Affected by VCID-ggz7-h35v-p7ep https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T19:33:10.832275+00:00 Debian Oval Importer Fixing VCID-2aju-u36p-gug9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T18:44:21.042694+00:00 Debian Oval Importer Affected by VCID-wjvc-p75d-p3a9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:57:20.161072+00:00 Debian Oval Importer Fixing VCID-dn26-zfsc-ryec https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T17:46:03.578385+00:00 Debian Oval Importer Affected by VCID-63vt-1nc8-6kfc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T16:41:53.021249+00:00 Debian Oval Importer Fixing VCID-fp31-7krz-abbs https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T15:59:31.481220+00:00 Debian Oval Importer Affected by VCID-vdhk-r67a-s3fr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T15:47:35.416529+00:00 Debian Oval Importer Fixing VCID-d3u3-epeb-guh9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T15:36:41.151810+00:00 Debian Oval Importer Fixing VCID-mdfk-5ked-t3bu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-15T15:29:39.177828+00:00 Debian Oval Importer Fixing VCID-kurn-1uay-qqap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.4.0
2026-04-14T03:28:11.355111+00:00 Debian Importer Affected by VCID-5kba-63mx-hya7 https://security-tracker.debian.org/tracker/data/json 38.3.0
2026-04-11T23:40:56.857682+00:00 Debian Oval Importer Fixing VCID-tzph-y73s-6qb9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T22:41:17.487193+00:00 Debian Oval Importer Fixing VCID-4z4r-2w8m-r7dz https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T20:33:30.172570+00:00 Debian Oval Importer Affected by VCID-ggz7-h35v-p7ep https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T19:15:56.496159+00:00 Debian Oval Importer Fixing VCID-2aju-u36p-gug9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T18:29:11.786970+00:00 Debian Oval Importer Affected by VCID-wjvc-p75d-p3a9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T17:43:13.091264+00:00 Debian Oval Importer Fixing VCID-dn26-zfsc-ryec https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T17:32:02.541361+00:00 Debian Oval Importer Affected by VCID-63vt-1nc8-6kfc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T16:28:44.019421+00:00 Debian Oval Importer Fixing VCID-fp31-7krz-abbs https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T15:47:06.586487+00:00 Debian Oval Importer Affected by VCID-vdhk-r67a-s3fr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T15:35:17.259151+00:00 Debian Oval Importer Fixing VCID-d3u3-epeb-guh9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T15:24:36.773315+00:00 Debian Oval Importer Fixing VCID-mdfk-5ked-t3bu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-11T15:17:44.211525+00:00 Debian Oval Importer Fixing VCID-kurn-1uay-qqap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.3.0
2026-04-08T23:13:26.074010+00:00 Debian Oval Importer Fixing VCID-tzph-y73s-6qb9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T22:16:23.457862+00:00 Debian Oval Importer Fixing VCID-4z4r-2w8m-r7dz https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T20:13:40.352794+00:00 Debian Oval Importer Affected by VCID-ggz7-h35v-p7ep https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:59:51.745557+00:00 Debian Oval Importer Fixing VCID-2aju-u36p-gug9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T18:14:26.560422+00:00 Debian Oval Importer Affected by VCID-wjvc-p75d-p3a9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:30:33.997644+00:00 Debian Oval Importer Fixing VCID-dn26-zfsc-ryec https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T17:19:54.668231+00:00 Debian Oval Importer Affected by VCID-63vt-1nc8-6kfc https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T16:20:06.629680+00:00 Debian Oval Importer Fixing VCID-fp31-7krz-abbs https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T15:40:44.095780+00:00 Debian Oval Importer Affected by VCID-vdhk-r67a-s3fr https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T15:29:19.996608+00:00 Debian Oval Importer Fixing VCID-d3u3-epeb-guh9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T15:19:06.583266+00:00 Debian Oval Importer Fixing VCID-mdfk-5ked-t3bu https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0
2026-04-08T15:12:28.252187+00:00 Debian Oval Importer Fixing VCID-kurn-1uay-qqap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 38.1.0