Denial of Service Vulnerability in ClamAV by Cisco Systems
CVE-2015-2668

Currently unrated

Key Information:

Vendor: Clamav
Status: Clamav
Vendor: CVE Published:; 12 May 2015

What is CVE-2015-2668?

ClamAV prior to version 0.98.7 is susceptible to a remote denial of service vulnerability. This flaw allows attackers to create specially crafted xz archive files that, when processed by ClamAV, can trigger an infinite loop, leading to service interruptions. Keeping ClamAV updated is essential for protecting against this issue.

References

http://ubuntu.com/usn/usn-2594-1

vendor-advisoryx_refsource_UBUNTU

https://security.gentoo.org/glsa/201512-08

vendor-advisoryx_refsource_GENTOO

http://www.securityfocus.com/bid/74472

vdb-entryx_refsource_BID

Timeline

Vulnerability published
May 12, 2015
Vulnerability Reserved
Mar 20, 2015

Clamav

What is CVE-2015-2668?

References

Timeline