{ "document": { "aggregate_severity": { "text": "Important" }, "category": "csaf_security_advisory", "csaf_version": "2.0", "distribution": { "text": "TuxCare License Agreement", "tlp": { "label": "WHITE", "url": "https://www.first.org/tlp/" } }, "lang": "en", "notes": [ { "category": "legal_disclaimer", "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Cloud Linux Inc. and provide a link to the original.", "title": "Terms of Use" }, { "category": "details", "text": "Commit: 52fc75b9bbbc73e30a2d3dd5a0d8815748cb914d", "title": "Details" } ], "publisher": { "category": "vendor", "contact_details": "https://tuxcare.com/contact/", "name": "TuxCare", "namespace": "https://tuxcare.com/" }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://security.tuxcare.com/csaf/v2/els_os/alpinelinux3.18els/advisories/2025/clsa-2025_1760989880.json" }, { "category": "self", "summary": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "tracking": { "current_release_date": "2026-05-22T17:52:41Z", "generator": { "date": "2026-05-22T17:52:41Z", "engine": { "name": "pyCSAF" } }, "id": "CLSA-2025:1760989880", "initial_release_date": "2025-10-20T19:52:16Z", "revision_history": [ { "date": "2025-10-20T19:52:16Z", "number": "1", "summary": "Initial version" }, { "date": "2026-05-22T17:52:41Z", "number": "2", "summary": "Update document" } ], "status": "final", "version": "2" }, "title": "Update of clamav" }, "product_tree": { "branches": [ { "branches": [ { "branches": [ { "category": "product_name", "name": "Alpine Linux 3.18", "product": { "name": "Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18", "product_identification_helper": { "cpe": "cpe:2.3:o:alpinelinux:alpine_linux:3.18:*:*:*:*:*:*:*" } } } ], "category": "product_family", "name": "Alpine Linux" } ], "category": "vendor", "name": "Alpine Linux" }, { "branches": [ { "branches": [ { "category": "product_version", "name": "clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "product": { "name": "clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "product_id": "clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav-clamdscan@1.1.2.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "product": { "name": "clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "product_id": "clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav-libunrar@1.1.2.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "product": { "name": "clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "product_id": "clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav-milter@1.1.2.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "product": { "name": "clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "product_id": "clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav-doc@1.1.2.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "product": { "name": "clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "product_id": "clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav-daemon-openrc@1.1.2.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "product": { "name": "freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "product_id": "freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/freshclam-openrc@1.1.2.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "clamav-1.1.2.tuxcare.els1-rr0.aarch64", "product": { "name": "clamav-1.1.2.tuxcare.els1-rr0.aarch64", "product_id": "clamav-1.1.2.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav@1.1.2.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "product": { "name": "clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "product_id": "clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav-scanner@1.1.2.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "product": { "name": "freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "product_id": "freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/freshclam@1.1.2.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "product": { "name": "clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "product_id": "clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav-libs@1.1.2.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "product": { "name": "clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "product_id": "clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav-daemon@1.1.2.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "product": { "name": "clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "product_id": "clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav-db@1.1.2.tuxcare.els1-rr0?arch=aarch64" } } }, { "category": "product_version", "name": "clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "product": { "name": "clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "product_id": "clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav-dev@1.1.2.tuxcare.els1-rr0?arch=aarch64" } } } ], "category": "architecture", "name": "aarch64" }, { "branches": [ { "category": "product_version", "name": "clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "product": { "name": "clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "product_id": "clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav-clamdscan@1.1.2.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "product": { "name": "clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "product_id": "clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav-libunrar@1.1.2.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "product": { "name": "clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "product_id": "clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav-milter@1.1.2.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "product": { "name": "clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "product_id": "clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav-doc@1.1.2.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "product": { "name": "clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "product_id": "clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav-daemon-openrc@1.1.2.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "product": { "name": "freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "product_id": "freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/freshclam-openrc@1.1.2.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "clamav-1.1.2.tuxcare.els1-rr0.x86_64", "product": { "name": "clamav-1.1.2.tuxcare.els1-rr0.x86_64", "product_id": "clamav-1.1.2.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav@1.1.2.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "product": { "name": "clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "product_id": "clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav-scanner@1.1.2.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "product": { "name": "freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "product_id": "freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/freshclam@1.1.2.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "product": { "name": "clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "product_id": "clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav-libs@1.1.2.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "product": { "name": "clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "product_id": "clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav-daemon@1.1.2.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "product": { "name": "clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "product_id": "clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav-db@1.1.2.tuxcare.els1-rr0?arch=x86_64" } } }, { "category": "product_version", "name": "clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "product": { "name": "clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "product_id": "clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "product_identification_helper": { "purl": "pkg:apk/tuxcare/clamav-dev@1.1.2.tuxcare.els1-rr0?arch=x86_64" } } } ], "category": "architecture", "name": "x86_64" } ], "category": "vendor", "name": "TuxCare" } ], "relationships": [ { "category": "default_component_of", "full_product_name": { "name": "clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64" }, "product_reference": "clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64" }, "product_reference": "clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64" }, "product_reference": "clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64" }, "product_reference": "clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64" }, "product_reference": "clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64" }, "product_reference": "clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64" }, "product_reference": "clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64" }, "product_reference": "clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64" }, "product_reference": "clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64" }, "product_reference": "clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" }, "product_reference": "freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64" }, "product_reference": "freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "clamav-1.1.2.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64" }, "product_reference": "clamav-1.1.2.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "clamav-1.1.2.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64" }, "product_reference": "clamav-1.1.2.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64" }, "product_reference": "clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64" }, "product_reference": "clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "freshclam-1.1.2.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64" }, "product_reference": "freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "freshclam-1.1.2.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64" }, "product_reference": "freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64" }, "product_reference": "clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64" }, "product_reference": "clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64" }, "product_reference": "clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64" }, "product_reference": "clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "clamav-db-1.1.2.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64" }, "product_reference": "clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "clamav-db-1.1.2.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64" }, "product_reference": "clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64" }, "product_reference": "clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "relates_to_product_reference": "Alpine-Linux-3.18" }, { "category": "default_component_of", "full_product_name": { "name": "clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64 as a component of Alpine Linux 3.18", "product_id": "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64" }, "product_reference": "clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "relates_to_product_reference": "Alpine-Linux-3.18" } ] }, "vulnerabilities": [ { "cve": "CVE-2018-14682", "cwe": { "id": "CWE-193", "name": "Off-by-one Error" }, "notes": [ { "category": "description", "text": "An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2018-14682" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2018/07/26/1", "url": "http://www.openwall.com/lists/oss-security/2018/07/26/1" }, { "category": "external", "summary": "http://www.securitytracker.com/id/1041410", "url": "http://www.securitytracker.com/id/1041410" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2018:3327", "url": "https://access.redhat.com/errata/RHSA-2018:3327" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2018:3505", "url": "https://access.redhat.com/errata/RHSA-2018:3505" }, { "category": "external", "summary": "https://bugs.debian.org/904800", "url": "https://bugs.debian.org/904800" }, { "category": "external", "summary": "https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8", "url": "https://github.com/kyz/libmspack/commit/4fd9ccaa54e1aebde1e4b95fb0163b699fd7bcc8" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201903-20", "url": "https://security.gentoo.org/glsa/201903-20" }, { "category": "external", "summary": "https://usn.ubuntu.com/3728-1/", "url": "https://usn.ubuntu.com/3728-1/" }, { "category": "external", "summary": "https://usn.ubuntu.com/3728-2/", "url": "https://usn.ubuntu.com/3728-2/" }, { "category": "external", "summary": "https://usn.ubuntu.com/3728-3/", "url": "https://usn.ubuntu.com/3728-3/" }, { "category": "external", "summary": "https://usn.ubuntu.com/3789-2/", "url": "https://usn.ubuntu.com/3789-2/" }, { "category": "external", "summary": "https://www.debian.org/security/2018/dsa-4260", "url": "https://www.debian.org/security/2018/dsa-4260" } ], "release_date": "2018-07-28T23:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2019-12625", "cwe": { "id": "CWE-400", "name": "Uncontrolled Resource Consumption" }, "notes": [ { "category": "description", "text": "ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2019-12625" }, { "category": "external", "summary": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html" }, { "category": "external", "summary": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html", "url": "http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html" }, { "category": "external", "summary": "https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html", "url": "https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html" } ], "release_date": "2019-11-05T19:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2017-12374", "cwe": { "id": "CWE-416", "name": "Use After Free" }, "notes": [ { "category": "description", "text": "The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2017-12374" }, { "category": "external", "summary": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "url": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html" }, { "category": "external", "summary": "https://bugzilla.clamav.net/show_bug.cgi?id=11939", "url": "https://bugzilla.clamav.net/show_bug.cgi?id=11939" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html" }, { "category": "external", "summary": "https://usn.ubuntu.com/3550-1/", "url": "https://usn.ubuntu.com/3550-1/" }, { "category": "external", "summary": "https://usn.ubuntu.com/3550-2/", "url": "https://usn.ubuntu.com/3550-2/" } ], "release_date": "2018-01-26T20:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2020-3123", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2020-3123" }, { "category": "external", "summary": "https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html", "url": "https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html" }, { "category": "external", "summary": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs59062", "url": "https://quickview.cloudapps.cisco.com/quickview/bug/CSCvs59062" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202003-46", "url": "https://security.gentoo.org/glsa/202003-46" }, { "category": "external", "summary": "https://usn.ubuntu.com/4280-1/", "url": "https://usn.ubuntu.com/4280-1/" }, { "category": "external", "summary": "https://usn.ubuntu.com/4280-2/", "url": "https://usn.ubuntu.com/4280-2/" } ], "release_date": "2020-02-05T18:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2017-6419", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2017-6419" }, { "category": "external", "summary": "http://www.debian.org/security/2017/dsa-3946", "url": "http://www.debian.org/security/2017/dsa-3946" }, { "category": "external", "summary": "https://bugzilla.clamav.net/show_bug.cgi?id=11701", "url": "https://bugzilla.clamav.net/show_bug.cgi?id=11701" }, { "category": "external", "summary": "https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_chm_crash.md", "url": "https://github.com/varsleak/varsleak-vul/blob/master/clamav-vul/heap-overflow/clamav_chm_crash.md" }, { "category": "external", "summary": "https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1", "url": "https://github.com/vrtadmin/clamav-devel/commit/a83773682e856ad6529ba6db8d1792e6d515d7f1" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2018/02/msg00014.html", "url": "https://lists.debian.org/debian-lts-announce/2018/02/msg00014.html" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201804-16", "url": "https://security.gentoo.org/glsa/201804-16" } ], "release_date": "2017-08-07T03:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2017-12379", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2017-12379" }, { "category": "external", "summary": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "url": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html" }, { "category": "external", "summary": "https://bugzilla.clamav.net/show_bug.cgi?id=11944", "url": "https://bugzilla.clamav.net/show_bug.cgi?id=11944" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html" }, { "category": "external", "summary": "https://usn.ubuntu.com/3550-1/", "url": "https://usn.ubuntu.com/3550-1/" }, { "category": "external", "summary": "https://usn.ubuntu.com/3550-2/", "url": "https://usn.ubuntu.com/3550-2/" } ], "release_date": "2018-01-26T20:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2020-3327", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An attacker could exploit this vulnerability by sending a crafted ARJ file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2020-3327" }, { "category": "external", "summary": "https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html", "url": "https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html", "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html", "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5YWYT27SBTV4RZSGFHIQUI4LQVFASWS/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5YWYT27SBTV4RZSGFHIQUI4LQVFASWS/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROBJOGJOT44MVDX7RQEACYHQN4LYW5RK/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROBJOGJOT44MVDX7RQEACYHQN4LYW5RK/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202007-23", "url": "https://security.gentoo.org/glsa/202007-23" }, { "category": "external", "summary": "https://usn.ubuntu.com/4370-1/", "url": "https://usn.ubuntu.com/4370-1/" }, { "category": "external", "summary": "https://usn.ubuntu.com/4370-2/", "url": "https://usn.ubuntu.com/4370-2/" }, { "category": "external", "summary": "https://usn.ubuntu.com/4435-1/", "url": "https://usn.ubuntu.com/4435-1/" }, { "category": "external", "summary": "https://usn.ubuntu.com/4435-2/", "url": "https://usn.ubuntu.com/4435-2/" } ], "release_date": "2020-05-13T03:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2021-1405", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" }, "notes": [ { "category": "description", "text": "A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-1405" }, { "category": "external", "summary": "https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html", "url": "https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2021/04/msg00012.html", "url": "https://lists.debian.org/debian-lts-announce/2021/04/msg00012.html" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202104-07", "url": "https://security.gentoo.org/glsa/202104-07" } ], "release_date": "2021-04-08T05:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2017-12375", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2017-12375" }, { "category": "external", "summary": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "url": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html" }, { "category": "external", "summary": "https://bugzilla.clamav.net/show_bug.cgi?id=11940", "url": "https://bugzilla.clamav.net/show_bug.cgi?id=11940" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html" }, { "category": "external", "summary": "https://usn.ubuntu.com/3550-1/", "url": "https://usn.ubuntu.com/3550-1/" }, { "category": "external", "summary": "https://usn.ubuntu.com/3550-2/", "url": "https://usn.ubuntu.com/3550-2/" } ], "release_date": "2018-01-26T20:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2020-3481", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2020-3481" }, { "category": "external", "summary": "https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html", "url": "https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html", "url": "https://lists.debian.org/debian-lts-announce/2020/08/msg00010.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IJ67VH37NCG25PICGWFWZHSVG7PBT7MC/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QM7EXJHDEZJLWM2NKH6TCDXOBP5NNYIN/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202007-23", "url": "https://security.gentoo.org/glsa/202007-23" }, { "category": "external", "summary": "https://usn.ubuntu.com/4435-1/", "url": "https://usn.ubuntu.com/4435-1/" }, { "category": "external", "summary": "https://usn.ubuntu.com/4435-2/", "url": "https://usn.ubuntu.com/4435-2/" } ], "release_date": "2020-07-20T18:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2022-48579", "cwe": { "id": "CWE-59", "name": "Improper Link Resolution Before File Access ('Link Following')" }, "notes": [ { "category": "description", "text": "UnRAR before 6.2.3 allows extraction of files outside of the destination folder via symlink chains.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-48579" }, { "category": "external", "summary": "https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee", "url": "https://github.com/pmachapman/unrar/commit/2ecab6bb5ac4f3b88f270218445496662020205f#diff-ca3086f578522062d7e390ed2cd7e10f646378a8b8cbf287a6e4db5966df68ee" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2023/08/msg00023.html", "url": "https://lists.debian.org/debian-lts-announce/2023/08/msg00023.html" } ], "release_date": "2023-08-07T04:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2021-1404", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-1404" }, { "category": "external", "summary": "https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html", "url": "https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html" } ], "release_date": "2021-04-08T05:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2017-12380", "cwe": { "id": "CWE-476", "name": "NULL Pointer Dereference" }, "notes": [ { "category": "description", "text": "ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2017-12380" }, { "category": "external", "summary": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "url": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html" }, { "category": "external", "summary": "https://bugzilla.clamav.net/show_bug.cgi?id=11945", "url": "https://bugzilla.clamav.net/show_bug.cgi?id=11945" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html" }, { "category": "external", "summary": "https://usn.ubuntu.com/3550-1/", "url": "https://usn.ubuntu.com/3550-1/" }, { "category": "external", "summary": "https://usn.ubuntu.com/3550-2/", "url": "https://usn.ubuntu.com/3550-2/" } ], "release_date": "2018-01-26T20:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.0" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2012-6706", "cwe": { "id": "CWE-190", "name": "Integer Overflow or Wraparound" }, "notes": [ { "category": "description", "text": "A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the \"DestPos\" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2012-6706" }, { "category": "external", "summary": "http://securitytracker.com/id?1027725", "url": "http://securitytracker.com/id?1027725" }, { "category": "external", "summary": "http://telussecuritylabs.com/threats/show/TSL20121207-01", "url": "http://telussecuritylabs.com/threats/show/TSL20121207-01" }, { "category": "external", "summary": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1286", "url": "https://bugs.chromium.org/p/project-zero/issues/detail?id=1286" }, { "category": "external", "summary": "https://community.sophos.com/kb/en-us/118424#six", "url": "https://community.sophos.com/kb/en-us/118424#six" }, { "category": "external", "summary": "https://kc.mcafee.com/corporate/index?page=content&id=SB10205", "url": "https://kc.mcafee.com/corporate/index?page=content&id=SB10205" }, { "category": "external", "summary": "https://lock.cmpxchg8b.com/sophailv2.pdf", "url": "https://lock.cmpxchg8b.com/sophailv2.pdf" }, { "category": "external", "summary": "https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/", "url": "https://nakedsecurity.sophos.com/2012/11/05/tavis-ormandy-sophos/" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201708-05", "url": "https://security.gentoo.org/glsa/201708-05" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201709-24", "url": "https://security.gentoo.org/glsa/201709-24" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201804-16", "url": "https://security.gentoo.org/glsa/201804-16" } ], "release_date": "2017-06-22T13:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2017-12377", "cwe": { "id": "CWE-125", "name": "Out-of-bounds Read" }, "notes": [ { "category": "description", "text": "ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap-based buffer over-read condition in mew.c when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code on the affected device.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2017-12377" }, { "category": "external", "summary": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "url": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html" }, { "category": "external", "summary": "https://bugzilla.clamav.net/show_bug.cgi?id=11943", "url": "https://bugzilla.clamav.net/show_bug.cgi?id=11943" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html" }, { "category": "external", "summary": "https://usn.ubuntu.com/3550-1/", "url": "https://usn.ubuntu.com/3550-1/" }, { "category": "external", "summary": "https://usn.ubuntu.com/3550-2/", "url": "https://usn.ubuntu.com/3550-2/" } ], "release_date": "2018-01-26T20:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2022-20698", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2022-20698" }, { "category": "external", "summary": "https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html", "url": "https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/202310-01", "url": "https://security.gentoo.org/glsa/202310-01" } ], "release_date": "2022-01-14T06:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2021-1252", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2021-1252" }, { "category": "external", "summary": "https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html", "url": "https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html" } ], "release_date": "2021-04-08T05:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2017-12376", "cwe": { "id": "CWE-119", "name": "Improper Restriction of Operations within the Bounds of a Memory Buffer" }, "notes": [ { "category": "description", "text": "ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2017-12376" }, { "category": "external", "summary": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html", "url": "http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html" }, { "category": "external", "summary": "https://bugzilla.clamav.net/show_bug.cgi?id=11942", "url": "https://bugzilla.clamav.net/show_bug.cgi?id=11942" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html", "url": "https://lists.debian.org/debian-lts-announce/2018/01/msg00035.html" }, { "category": "external", "summary": "https://usn.ubuntu.com/3550-1/", "url": "https://usn.ubuntu.com/3550-1/" }, { "category": "external", "summary": "https://usn.ubuntu.com/3550-2/", "url": "https://usn.ubuntu.com/3550-2/" } ], "release_date": "2018-01-26T20:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "baseSeverity": "CRITICAL", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2023-20032", "cwe": { "id": "CWE-120", "name": "Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')" }, "notes": [ { "category": "description", "text": "On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed:\r\n\r \r A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code.\r\n\r \r This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition.\r\n\r For a description of this vulnerability, see the ClamAV blog [\"https://blog.clamav.net/\"].", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2023-20032" }, { "category": "external", "summary": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-q8DThCy" } ], "release_date": "2023-03-01T08:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Critical" } ] }, { "cve": "CVE-2019-1789", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2019-1789" }, { "category": "external", "summary": "https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html", "url": "https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html" } ], "release_date": "2019-11-05T19:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2020-3341", "cwe": { "id": "CWE-20", "name": "Improper Input Validation" }, "notes": [ { "category": "description", "text": "A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2020-3341" }, { "category": "external", "summary": "https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html", "url": "https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html", "url": "https://lists.debian.org/debian-lts-announce/2020/05/msg00018.html" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/3BMTC7I5LGY4FCIZLHPNC4WWC6VNLFER/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5YWYT27SBTV4RZSGFHIQUI4LQVFASWS/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L5YWYT27SBTV4RZSGFHIQUI4LQVFASWS/" }, { "category": "external", "summary": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROBJOGJOT44MVDX7RQEACYHQN4LYW5RK/", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ROBJOGJOT44MVDX7RQEACYHQN4LYW5RK/" }, { "category": "external", "summary": "https://usn.ubuntu.com/4370-1/", "url": "https://usn.ubuntu.com/4370-1/" }, { "category": "external", "summary": "https://usn.ubuntu.com/4370-2/", "url": "https://usn.ubuntu.com/4370-2/" } ], "release_date": "2020-05-13T03:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2018-14681", "cwe": { "id": "CWE-787", "name": "Out-of-bounds Write" }, "notes": [ { "category": "description", "text": "An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2018-14681" }, { "category": "external", "summary": "http://www.openwall.com/lists/oss-security/2018/07/26/1", "url": "http://www.openwall.com/lists/oss-security/2018/07/26/1" }, { "category": "external", "summary": "http://www.securitytracker.com/id/1041410", "url": "http://www.securitytracker.com/id/1041410" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2018:3327", "url": "https://access.redhat.com/errata/RHSA-2018:3327" }, { "category": "external", "summary": "https://access.redhat.com/errata/RHSA-2018:3505", "url": "https://access.redhat.com/errata/RHSA-2018:3505" }, { "category": "external", "summary": "https://bugs.debian.org/904799", "url": "https://bugs.debian.org/904799" }, { "category": "external", "summary": "https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8", "url": "https://github.com/kyz/libmspack/commit/0b0ef9344255ff5acfac6b7af09198ac9c9756c8" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html", "url": "https://lists.debian.org/debian-lts-announce/2018/08/msg00007.html" }, { "category": "external", "summary": "https://security.gentoo.org/glsa/201903-20", "url": "https://security.gentoo.org/glsa/201903-20" }, { "category": "external", "summary": "https://usn.ubuntu.com/3728-1/", "url": "https://usn.ubuntu.com/3728-1/" }, { "category": "external", "summary": "https://usn.ubuntu.com/3728-2/", "url": "https://usn.ubuntu.com/3728-2/" }, { "category": "external", "summary": "https://usn.ubuntu.com/3728-3/", "url": "https://usn.ubuntu.com/3728-3/" }, { "category": "external", "summary": "https://usn.ubuntu.com/3789-2/", "url": "https://usn.ubuntu.com/3789-2/" }, { "category": "external", "summary": "https://www.debian.org/security/2018/dsa-4260", "url": "https://www.debian.org/security/2018/dsa-4260" } ], "release_date": "2018-07-28T23:29:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v2": { "accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0" }, "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.0" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] }, { "cve": "CVE-2025-20128", "cwe": { "id": "CWE-122", "name": "Heap-based Buffer Overflow" }, "notes": [ { "category": "description", "text": "A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.\r\n\r\nThis vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software.\r\nFor a description of this vulnerability, see the .\r\nCisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.", "title": "Vulnerability description" }, { "category": "general", "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product's status, and are included for informational purposes to better understand the severity of this vulnerability.", "title": "CVSS score applicability" } ], "product_status": { "fixed": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] }, "references": [ { "category": "self", "summary": "Canonical URL", "url": "https://cve.tuxcare.com/els/cve/CVE-2025-20128" }, { "category": "external", "summary": "https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html", "url": "https://blog.clamav.net/2025/01/clamav-142-and-108-security-patch.html" }, { "category": "external", "summary": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA", "url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA" }, { "category": "external", "summary": "https://lists.debian.org/debian-lts-announce/2025/09/msg00006.html", "url": "https://lists.debian.org/debian-lts-announce/2025/09/msg00006.html" } ], "release_date": "2025-01-22T17:15:00Z", "remediations": [ { "category": "vendor_fix", "date": "2025-10-20T19:51:22.745732Z", "details": "Details on how to apply the fix are available at: https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880", "product_ids": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ], "url": "https://cve.tuxcare.com/els/releases/CLSA-2025:1760989880" } ], "scores": [ { "cvss_v3": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" }, "products": [ "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-clamdscan-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-daemon-openrc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-db-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-dev-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-doc-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libs-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-libunrar-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-milter-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:clamav-scanner-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-1.1.2.tuxcare.els1-rr0.x86_64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.aarch64", "Alpine-Linux-3.18:freshclam-openrc-1.1.2.tuxcare.els1-rr0.x86_64" ] } ], "threats": [ { "category": "impact", "details": "Important" } ] } ] }