CVE-2015-2668
ClamAV < 0.98.7 - Denial of Service via Crafted XZ Archive File
Title source: llmDescription
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.
References (5)
Core 5
Core References
Various Sources vendor-advisory
x_refsource_ubuntu
http://ubuntu.com/usn/usn-2594-1
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/201512-08
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/74472
Patch, Vendor Advisory x_refsource_confirm
http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html
Scores
EPSS
0.0321
EPSS Percentile
86.8%
Details
CWE
CWE-399
Status
published
Products (5)
canonical/ubuntu_linux
12.04
canonical/ubuntu_linux
14.04
canonical/ubuntu_linux
14.10
canonical/ubuntu_linux
15.1
clamav/clamav
< 0.98.6
Published
May 12, 2015
Tracked Since
Feb 18, 2026