Denial of Service Vulnerability in ClamAV by Cisco
CVE-2016-1372
5.5 MEDIUM
What is CVE-2016-1372?
ClamAV versions prior to 0.99.2 are susceptible to a denial of service vulnerability that allows remote attackers to crash the application by sending specially crafted 7z files. The crafted files exploit inadequacies in the software's input handling, which leads to the application crash. The vulnerability underscores the importance of keeping antivirus software up to date.
CVSS V3.1
Score: 5.5
Severity: MEDIUM
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved