CVE-2014-9050

Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 90%
VendorProductVersion
clamavclamav
𝑥
≤ 0.94.3
clamavclamav
0.01
clamavclamav
0.02
clamavclamav
0.3
clamavclamav
0.03
clamavclamav
0.05
clamavclamav
0.8:rc3
clamavclamav
0.9:rc1
clamavclamav
0.10
clamavclamav
0.12
clamavclamav
0.13
clamavclamav
0.14
clamavclamav
0.14:pre
clamavclamav
0.15
clamavclamav
0.20
clamavclamav
0.21
clamavclamav
0.22
clamavclamav
0.23
clamavclamav
0.24
clamavclamav
0.51
clamavclamav
0.52
clamavclamav
0.53
clamavclamav
0.54
clamavclamav
0.60
clamavclamav
0.60p:p
clamavclamav
0.65
clamavclamav
0.66
clamavclamav
0.67
clamavclamav
0.67-1
clamavclamav
0.68
clamavclamav
0.68.1
clamavclamav
0.70
clamavclamav
0.70:rc
clamavclamav
0.71
clamavclamav
0.72
clamavclamav
0.73
clamavclamav
0.74
clamavclamav
0.75
clamavclamav
0.75.1
clamavclamav
0.80
clamavclamav
0.80:rc
clamavclamav
0.80:rc1
clamavclamav
0.80:rc2
clamavclamav
0.80:rc3
clamavclamav
0.80:rc4
clamavclamav
0.80_rc:_rc
clamavclamav
0.81
clamavclamav
0.81:rc1
clamavclamav
0.82
clamavclamav
0.83
clamavclamav
0.84
clamavclamav
0.84:rc1
clamavclamav
0.84:rc2
clamavclamav
0.85
clamavclamav
0.85.1
clamavclamav
0.86
clamavclamav
0.86:rc1
clamavclamav
0.86.1
clamavclamav
0.86.2
clamavclamav
0.87
clamavclamav
0.87.1
clamavclamav
0.88
clamavclamav
0.88.1
clamavclamav
0.88.2
clamavclamav
0.88.3
clamavclamav
0.88.4
clamavclamav
0.88.5
clamavclamav
0.88.6
clamavclamav
0.88.7
clamavclamav
0.88.7_p0:_p0
clamavclamav
0.88.7_p1:_p1
clamavclamav
0.90
clamavclamav
0.90:rc1
clamavclamav
0.90:rc1.1
clamavclamav
0.90:rc2
clamavclamav
0.90:rc3
clamavclamav
0.90.1
clamavclamav
0.90.1_p0:_p0
clamavclamav
0.90.2
clamavclamav
0.90.2_p0:_p0
clamavclamav
0.90.3
clamavclamav
0.90.3_p0:_p0
clamavclamav
0.90.3_p1:_p1
clamavclamav
0.91
clamavclamav
0.91:rc1
clamavclamav
0.91:rc2
clamavclamav
0.91.1
clamavclamav
0.91.2
clamavclamav
0.91.2_p0:_p0
clamavclamav
0.92
clamavclamav
0.92.1
clamavclamav
0.92_p0:_p0
clamavclamav
0.93
clamavclamav
0.93.1
clamavclamav
0.93.2
clamavclamav
0.93.3
clamavclamav
0.94
clamavclamav
0.94.1
clamavclamav
0.94.2
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
clamav
bullseye
0.103.10+dfsg-0+deb11u1
fixed
bookworm
1.0.5+dfsg-1~deb12u1
fixed
sid
1.4.1+dfsg-1
fixed
trixie
1.4.1+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
clamav
utopic
Fixed 0.98.5+dfsg-0ubuntu0.14.10.1
released
trusty
Fixed 0.98.5+addedllvm-0ubuntu0.14.04.1
released
precise
Fixed 0.98.5+addedllvm-0ubuntu0.12.04.1
released
lucid
ignored
Common Weakness Enumeration
References
http://blog.clamav.net/2014/11/clamav-0985-has-been-released.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144979.html
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00007.html
http://secunia.com/advisories/59645
http://secunia.com/advisories/62542
http://www.openwall.com/lists/oss-security/2014/11/22/1
http://www.securityfocus.com/bid/71242
http://www.securitytracker.com/id/1031268
http://www.ubuntu.com/usn/USN-2423-1
https://github.com/vrtadmin/clamav-devel/commit/fc3794a54d2affe5770c1f876484a871c783e91e
http://blog.clamav.net/2014/11/clamav-0985-has-been-released.html
http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144979.html
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00007.html
http://secunia.com/advisories/59645
http://secunia.com/advisories/62542
http://www.openwall.com/lists/oss-security/2014/11/22/1
http://www.securityfocus.com/bid/71242
http://www.securitytracker.com/id/1031268
http://www.ubuntu.com/usn/USN-2423-1
https://github.com/vrtadmin/clamav-devel/commit/fc3794a54d2affe5770c1f876484a871c783e91e