Search for packages
Package details: pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1
purl pkg:deb/debian/clamav@0.103.10%2Bdfsg-0%2Bdeb11u1
Next non-vulnerable version None.
Latest non-vulnerable version None.
Risk 4.5
Vulnerabilities affecting this package (4)
Vulnerability Summary Fixed by
VCID-1bxy-9xq1-z3f9
Aliases:
CVE-2024-20506
A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files. The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.
1.0.7+dfsg-1~deb12u1
Affected by 1 other vulnerability.
1.4.1+dfsg-1
Affected by 0 other vulnerabilities.
VCID-hwc3-71f6-4kca
Aliases:
CVE-2024-20505
A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.
1.0.7+dfsg-1~deb12u1
Affected by 1 other vulnerability.
1.4.1+dfsg-1
Affected by 0 other vulnerabilities.
VCID-k3zc-f8ax-v3ag
Aliases:
CVE-2025-20128
A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.
1.4.2+dfsg-1
Affected by 1 other vulnerability.
VCID-yvky-tjfz-3qep
Aliases:
CVE-2025-20234
A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the .
1.0.7+dfsg-1~deb12u1
Affected by 1 other vulnerability.
Vulnerabilities fixed by this package (9)
Vulnerability Summary Aliases
VCID-3kyu-4ez3-aaad On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. CVE-2022-20796
VCID-8tkq-e3eq-aaar On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. CVE-2022-20771
VCID-d543-x4n4-aaac A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability is due to improper bounds checking that may result in a multi-byte heap buffer overwflow write. An attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the ClamAV database directory. An exploit could allow the attacker to run code as the clamav user. CVE-2022-20792
VCID-hk8g-fyx6-aaaj On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. CVE-2022-20785
VCID-ht46-hd7r-aaan A vulnerability in the AutoIt module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a logic error in the memory management of an affected device. An attacker could exploit this vulnerability by submitting a crafted AutoIt file to be scanned by ClamAV on the affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to restart unexpectedly, resulting in a DoS condition. CVE-2023-20212
VCID-m6ud-qan7-aaaa A vulnerability in the filesystem image parser for Hierarchical File System Plus (HFS+) of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an incorrect check for completion when a file is decompressed, which may result in a loop condition that could cause the affected software to stop responding. An attacker could exploit this vulnerability by submitting a crafted HFS+ filesystem image to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to cause the ClamAV scanning process to stop responding, resulting in a DoS condition on the affected software and consuming available system resources. For a description of this vulnerability, see the ClamAV blog . CVE-2023-20197
VCID-trv4-yscy-aaap On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available. CVE-2022-20770
VCID-wyd4-e666-aaaj On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process. CVE-2023-20052
VCID-zrm4-mnhs-aaad On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"]. CVE-2023-20032

Date Actor Action Vulnerability Source VulnerableCode Version
2025-06-22T11:02:17.516443+00:00 Debian Importer Fixing VCID-ht46-hd7r-aaan None 36.1.3
2025-06-22T04:46:21.166708+00:00 Debian Importer Fixing VCID-zrm4-mnhs-aaad None 36.1.3
2025-06-21T22:28:21.090307+00:00 Debian Importer Fixing VCID-m6ud-qan7-aaaa None 36.1.3
2025-06-21T19:02:17.484976+00:00 Debian Oval Importer Fixing VCID-trv4-yscy-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:27:04.705931+00:00 Debian Oval Importer Fixing VCID-wyd4-e666-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:19:48.191618+00:00 Debian Oval Importer Fixing VCID-m6ud-qan7-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T18:15:07.707389+00:00 Debian Oval Importer Fixing VCID-d543-x4n4-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.3
2025-06-21T15:36:50.558211+00:00 Debian Oval Importer Fixing VCID-m6ud-qan7-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T15:05:13.541869+00:00 Debian Importer Affected by VCID-hwc3-71f6-4kca https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-21T14:39:31.919821+00:00 Debian Oval Importer Fixing VCID-wyd4-e666-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T14:08:58.461752+00:00 Debian Oval Importer Fixing VCID-zrm4-mnhs-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.3
2025-06-21T08:56:04.006761+00:00 Debian Oval Importer Fixing VCID-m6ud-qan7-aaaa None 36.1.3
2025-06-21T07:37:50.266858+00:00 Debian Oval Importer Fixing VCID-zrm4-mnhs-aaad None 36.1.3
2025-06-21T07:37:40.391590+00:00 Debian Oval Importer Fixing VCID-wyd4-e666-aaaj None 36.1.3
2025-06-21T04:44:59.023299+00:00 Debian Oval Importer Fixing VCID-hk8g-fyx6-aaaj None 36.1.3
2025-06-21T04:22:35.893940+00:00 Debian Oval Importer Fixing VCID-3kyu-4ez3-aaad None 36.1.3
2025-06-21T04:20:47.725053+00:00 Debian Oval Importer Fixing VCID-trv4-yscy-aaap None 36.1.3
2025-06-21T04:14:08.828273+00:00 Debian Importer Fixing VCID-wyd4-e666-aaaj None 36.1.3
2025-06-21T03:27:16.182146+00:00 Debian Oval Importer Fixing VCID-d543-x4n4-aaac None 36.1.3
2025-06-21T01:54:34.108298+00:00 Debian Oval Importer Fixing VCID-8tkq-e3eq-aaar None 36.1.3
2025-06-21T00:06:18.781267+00:00 Debian Importer Affected by VCID-k3zc-f8ax-v3ag https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-20T23:51:43.630331+00:00 Debian Importer Affected by VCID-yvky-tjfz-3qep https://security-tracker.debian.org/tracker/data/json 36.1.3
2025-06-08T13:18:12.094370+00:00 Debian Oval Importer Fixing VCID-3kyu-4ez3-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T12:19:04.442498+00:00 Debian Oval Importer Fixing VCID-hk8g-fyx6-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T11:31:32.131447+00:00 Debian Oval Importer Fixing VCID-trv4-yscy-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:57:38.361001+00:00 Debian Oval Importer Fixing VCID-wyd4-e666-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:50:44.648045+00:00 Debian Oval Importer Fixing VCID-m6ud-qan7-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T10:46:19.299511+00:00 Debian Oval Importer Fixing VCID-d543-x4n4-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.1.0
2025-06-08T08:31:21.606910+00:00 Debian Oval Importer Fixing VCID-m6ud-qan7-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:32:42.024439+00:00 Debian Oval Importer Fixing VCID-wyd4-e666-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T07:02:22.506398+00:00 Debian Oval Importer Fixing VCID-zrm4-mnhs-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.1.0
2025-06-08T02:42:35.836289+00:00 Debian Oval Importer Fixing VCID-m6ud-qan7-aaaa None 36.1.0
2025-06-08T01:17:46.492083+00:00 Debian Oval Importer Fixing VCID-zrm4-mnhs-aaad None 36.1.0
2025-06-08T01:17:36.845353+00:00 Debian Oval Importer Fixing VCID-wyd4-e666-aaaj None 36.1.0
2025-06-07T22:21:57.582099+00:00 Debian Oval Importer Fixing VCID-hk8g-fyx6-aaaj None 36.1.0
2025-06-07T21:58:47.889878+00:00 Debian Oval Importer Fixing VCID-3kyu-4ez3-aaad None 36.1.0
2025-06-07T21:56:56.040326+00:00 Debian Oval Importer Fixing VCID-trv4-yscy-aaap None 36.1.0
2025-06-07T21:00:44.554105+00:00 Debian Oval Importer Fixing VCID-d543-x4n4-aaac None 36.1.0
2025-06-07T19:17:59.306635+00:00 Debian Oval Importer Fixing VCID-8tkq-e3eq-aaar None 36.1.0
2025-04-13T02:28:06.802787+00:00 Debian Oval Importer Affected by VCID-hwc3-71f6-4kca https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-13T02:27:57.488646+00:00 Debian Oval Importer Affected by VCID-1bxy-9xq1-z3f9 https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T22:00:35.742686+00:00 Debian Oval Importer Fixing VCID-8tkq-e3eq-aaar https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T21:21:32.817693+00:00 Debian Oval Importer Fixing VCID-zrm4-mnhs-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T19:06:14.375012+00:00 Debian Oval Importer Fixing VCID-3kyu-4ez3-aaad https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T18:04:58.358072+00:00 Debian Oval Importer Fixing VCID-hk8g-fyx6-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T17:15:54.508722+00:00 Debian Oval Importer Fixing VCID-trv4-yscy-aaap https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:40:21.451064+00:00 Debian Oval Importer Fixing VCID-wyd4-e666-aaaj https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:33:03.480775+00:00 Debian Oval Importer Fixing VCID-m6ud-qan7-aaaa https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-12T16:28:21.983988+00:00 Debian Oval Importer Fixing VCID-d543-x4n4-aaac https://www.debian.org/security/oval/oval-definitions-bullseye.xml.bz2 36.0.0
2025-04-08T07:02:47.939467+00:00 Debian Oval Importer Fixing VCID-m6ud-qan7-aaaa https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T06:05:27.122128+00:00 Debian Oval Importer Fixing VCID-wyd4-e666-aaaj https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T05:35:05.801682+00:00 Debian Oval Importer Fixing VCID-zrm4-mnhs-aaad https://www.debian.org/security/oval/oval-definitions-buster.xml.bz2 36.0.0
2025-04-08T01:09:53.433335+00:00 Debian Oval Importer Fixing VCID-m6ud-qan7-aaaa None 36.0.0
2025-04-07T23:50:22.096417+00:00 Debian Oval Importer Fixing VCID-zrm4-mnhs-aaad None 36.0.0
2025-04-07T23:50:12.020101+00:00 Debian Oval Importer Fixing VCID-wyd4-e666-aaaj None 36.0.0
2025-04-07T20:53:33.222573+00:00 Debian Oval Importer Fixing VCID-hk8g-fyx6-aaaj None 36.0.0
2025-04-07T20:29:31.688921+00:00 Debian Oval Importer Fixing VCID-3kyu-4ez3-aaad None 36.0.0
2025-04-07T20:27:32.928280+00:00 Debian Oval Importer Fixing VCID-trv4-yscy-aaap None 36.0.0
2025-04-07T19:31:03.634760+00:00 Debian Oval Importer Fixing VCID-d543-x4n4-aaac None 36.0.0
2025-04-07T17:55:48.148761+00:00 Debian Oval Importer Fixing VCID-8tkq-e3eq-aaar None 36.0.0
2025-04-06T12:08:17.316885+00:00 Debian Importer Affected by VCID-1bxy-9xq1-z3f9 https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-04-06T04:22:00.677453+00:00 Debian Importer Fixing VCID-ht46-hd7r-aaan None 36.0.0
2025-04-05T22:45:01.456149+00:00 Debian Importer Fixing VCID-zrm4-mnhs-aaad None 36.0.0
2025-04-05T18:28:42.041127+00:00 Debian Importer Fixing VCID-m6ud-qan7-aaaa None 36.0.0
2025-04-05T11:37:14.016535+00:00 Debian Importer Affected by VCID-hwc3-71f6-4kca https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-04-04T07:03:02.957263+00:00 Debian Importer Fixing VCID-wyd4-e666-aaaj None 36.0.0
2025-04-04T02:48:01.593220+00:00 Debian Importer Affected by VCID-k3zc-f8ax-v3ag https://security-tracker.debian.org/tracker/data/json 36.0.0
2025-02-21T18:26:43.218263+00:00 Debian Importer Affected by VCID-1bxy-9xq1-z3f9 https://security-tracker.debian.org/tracker/data/json 35.1.0
2025-02-21T18:26:41.055406+00:00 Debian Importer Affected by VCID-hwc3-71f6-4kca https://security-tracker.debian.org/tracker/data/json 35.1.0
2025-02-21T08:47:15.112770+00:00 Debian Importer Fixing VCID-ht46-hd7r-aaan None 35.1.0
2025-02-21T08:47:12.806171+00:00 Debian Importer Fixing VCID-m6ud-qan7-aaaa None 35.1.0
2025-02-21T08:46:23.603026+00:00 Debian Importer Fixing VCID-wyd4-e666-aaaj None 35.1.0
2025-02-21T08:46:16.683968+00:00 Debian Importer Fixing VCID-zrm4-mnhs-aaad None 35.1.0
2024-11-24T06:49:26.600150+00:00 Debian Importer Affected by VCID-1bxy-9xq1-z3f9 https://security-tracker.debian.org/tracker/data/json 35.0.0
2024-11-24T06:49:24.100913+00:00 Debian Importer Affected by VCID-hwc3-71f6-4kca https://security-tracker.debian.org/tracker/data/json 35.0.0
2024-10-11T03:33:42.851641+00:00 Debian Importer Affected by VCID-1bxy-9xq1-z3f9 https://security-tracker.debian.org/tracker/data/json 34.0.2
2024-10-11T03:33:41.368696+00:00 Debian Importer Affected by VCID-hwc3-71f6-4kca https://security-tracker.debian.org/tracker/data/json 34.0.2
2024-04-26T01:02:59.239215+00:00 Debian Importer Fixing VCID-ht46-hd7r-aaan None 34.0.0rc4
2024-04-26T01:02:57.067912+00:00 Debian Importer Fixing VCID-m6ud-qan7-aaaa None 34.0.0rc4
2024-04-26T01:02:28.122287+00:00 Debian Importer Fixing VCID-wyd4-e666-aaaj None 34.0.0rc4
2024-04-26T01:02:18.539621+00:00 Debian Importer Fixing VCID-zrm4-mnhs-aaad None 34.0.0rc4
2024-01-12T11:02:42.903565+00:00 Debian Importer Fixing VCID-ht46-hd7r-aaan None 34.0.0rc2
2024-01-12T11:02:38.913715+00:00 Debian Importer Fixing VCID-m6ud-qan7-aaaa None 34.0.0rc2
2024-01-12T11:00:39.033800+00:00 Debian Importer Fixing VCID-wyd4-e666-aaaj None 34.0.0rc2
2024-01-12T10:59:58.310222+00:00 Debian Importer Fixing VCID-zrm4-mnhs-aaad None 34.0.0rc2
2024-01-05T07:37:10.367726+00:00 Debian Importer Fixing VCID-ht46-hd7r-aaan None 34.0.0rc1
2024-01-05T07:37:08.459415+00:00 Debian Importer Fixing VCID-m6ud-qan7-aaaa None 34.0.0rc1
2024-01-05T07:36:48.368830+00:00 Debian Importer Fixing VCID-wyd4-e666-aaaj None 34.0.0rc1
2024-01-05T07:36:41.271505+00:00 Debian Importer Fixing VCID-zrm4-mnhs-aaad None 34.0.0rc1