CVE-2015-1463
Advisory lineage Upstream: 0 Downstream: 5
Modified
Published: 03 Feb 2015, 16:00
Last modified:06 Aug 2024, 04:47
Vulnerability Summary
Overall Risk (default)
low
20/100 CVSS Score
5 MEDIUM
v2.0 (nvd)
EPSS Score
1.61% LOW
2% probability -0.27%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected
Timeline
03 Feb 2015, 16:00
Published
Vulnerability first disclosed
06 Aug 2024, 04:47
Last Modified
Vulnerability information updated
Description
ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."
CVSS Metrics
- v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:N/A:P
EPSS Trends
Current EPSS score: 1.61%• Percentile: 82%
Techniques & Countermeasures
- CWE-17•DEPRECATED: Code
This entry has been deprecated. It was originally used for organizing the Development View (CWE-699) and some other views, but it introduced unnecessary complexity and depth to the resulting tree.
Affected Systems
- clamav•clamav
≤ 0.98.5
- fedoraproject•fedora
20 | 21
References (6)
- https://security.gentoo.org/glsa/201512-08
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00014.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148950.html
- http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html
- http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00020.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148958.html