Информационная безопасность
[RU] switch to English


Многочисленные уязвимости безопасности в ClamAV
Опубликовано:4 мая 2015 г.
Источник:
SecurityVulns ID:14427
Тип:библиотека
Уровень опасности:
7/10
Описание:DoS, повреждения памяти, переполнение буфера.
Затронутые продукты:CLAMAV : ClamAV 0.98
CVE:CVE-2015-2668 (ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.)
 CVE-2015-2305 (Integer overflow in the regcomp implementation in the Henry Spencer BSD regex library (aka rxspencer) alpha3.8.g5 on 32-bit platforms, as used in NetBSD through 6.1.5 and other products, might allow context-dependent attackers to execute arbitrary code via a large regular expression that leads to a heap-based buffer overflow.)
 CVE-2015-2222 (ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.)
 CVE-2015-2221 (ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.)
 CVE-2015-2170 (The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.)
Оригинальный текстdocumentMANDRIVA, [ MDVSA-2015:221 ] clamav (04.05.2015)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород