VulnerableCode Package Details - pkg:alpm/archlinux/clamav@0.105.0-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-3gta-f1hk-aaaq	A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.	CVE-2022-20803
VCID-3kyu-4ez3-aaad	On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog.	CVE-2022-20796
VCID-8tkq-e3eq-aaar	On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.	CVE-2022-20771
VCID-d543-x4n4-aaac	A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability is due to improper bounds checking that may result in a multi-byte heap buffer overwflow write. An attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the ClamAV database directory. An exploit could allow the attacker to run code as the clamav user.	CVE-2022-20792
VCID-hk8g-fyx6-aaaj	On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.	CVE-2022-20785
VCID-trv4-yscy-aaap	On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.	CVE-2022-20770

Vulnerability

Summary

Aliases

VCID-3gta-f1hk-aaaq

A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

CVE-2022-20803

VCID-3kyu-4ez3-aaad

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog.

CVE-2022-20796

VCID-8tkq-e3eq-aaar

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

CVE-2022-20771

VCID-d543-x4n4-aaac

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability is due to improper bounds checking that may result in a multi-byte heap buffer overwflow write. An attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the ClamAV database directory. An exploit could allow the attacker to run code as the clamav user.

CVE-2022-20792

VCID-hk8g-fyx6-aaaj

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

CVE-2022-20785

VCID-trv4-yscy-aaap

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

CVE-2022-20770

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:45:11.906774+00:00	Arch Linux Importer	Fixing	VCID-trv4-yscy-aaap	https://security.archlinux.org/AVG-2722	36.0.0
2025-03-28T07:45:11.879059+00:00	Arch Linux Importer	Fixing	VCID-8tkq-e3eq-aaar	https://security.archlinux.org/AVG-2722	36.0.0
2025-03-28T07:45:11.851458+00:00	Arch Linux Importer	Fixing	VCID-hk8g-fyx6-aaaj	https://security.archlinux.org/AVG-2722	36.0.0
2025-03-28T07:45:11.823743+00:00	Arch Linux Importer	Fixing	VCID-d543-x4n4-aaac	https://security.archlinux.org/AVG-2722	36.0.0
2025-03-28T07:45:11.794243+00:00	Arch Linux Importer	Fixing	VCID-3kyu-4ez3-aaad	https://security.archlinux.org/AVG-2722	36.0.0
2025-03-28T07:45:11.775532+00:00	Arch Linux Importer	Fixing	VCID-3gta-f1hk-aaaq	https://security.archlinux.org/AVG-2722	36.0.0
2024-09-18T02:00:08.134512+00:00	Arch Linux Importer	Fixing	VCID-trv4-yscy-aaap	https://security.archlinux.org/AVG-2722	34.0.1
2024-09-18T02:00:08.111377+00:00	Arch Linux Importer	Fixing	VCID-8tkq-e3eq-aaar	https://security.archlinux.org/AVG-2722	34.0.1
2024-09-18T02:00:08.082208+00:00	Arch Linux Importer	Fixing	VCID-hk8g-fyx6-aaaj	https://security.archlinux.org/AVG-2722	34.0.1
2024-09-18T02:00:08.059925+00:00	Arch Linux Importer	Fixing	VCID-d543-x4n4-aaac	https://security.archlinux.org/AVG-2722	34.0.1
2024-09-18T02:00:08.038277+00:00	Arch Linux Importer	Fixing	VCID-3kyu-4ez3-aaad	https://security.archlinux.org/AVG-2722	34.0.1
2024-09-18T02:00:08.015251+00:00	Arch Linux Importer	Fixing	VCID-3gta-f1hk-aaaq	https://security.archlinux.org/AVG-2722	34.0.1
2024-01-03T22:26:22.898773+00:00	Arch Linux Importer	Fixing	VCID-trv4-yscy-aaap	https://security.archlinux.org/AVG-2722	34.0.0rc1
2024-01-03T22:26:22.879843+00:00	Arch Linux Importer	Fixing	VCID-8tkq-e3eq-aaar	https://security.archlinux.org/AVG-2722	34.0.0rc1
2024-01-03T22:26:22.860939+00:00	Arch Linux Importer	Fixing	VCID-hk8g-fyx6-aaaj	https://security.archlinux.org/AVG-2722	34.0.0rc1
2024-01-03T22:26:22.842010+00:00	Arch Linux Importer	Fixing	VCID-d543-x4n4-aaac	https://security.archlinux.org/AVG-2722	34.0.0rc1
2024-01-03T22:26:22.822935+00:00	Arch Linux Importer	Fixing	VCID-3kyu-4ez3-aaad	https://security.archlinux.org/AVG-2722	34.0.0rc1
2024-01-03T22:26:22.803377+00:00	Arch Linux Importer	Fixing	VCID-3gta-f1hk-aaaq	https://security.archlinux.org/AVG-2722	34.0.0rc1

2025-03-28T07:45:11.906774+00:00

Arch Linux Importer

Fixing