CVE-2016-1371

5.5 MEDIUM

Published: October 03, 2016 Modified: May 06, 2026

Description

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable.

AI Explanation

Get an AI-powered plain-language explanation of this vulnerability and remediation steps.

CVSS v3.x Details

0.0 Low Medium High Critical 10.0

Vector String

CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

References to Advisories, Solutions, and Tools

Patch Vendor Advisory Exploit Third Party Advisory

http://blog.clamav.net/2016/05/clamav-0992-has-been-released.html

Source: psirt@cisco.com

Vendor Advisory

http://www.securityfocus.com/bid/93222

Source: psirt@cisco.com

Third Party Advisory VDB Entry

http://www.ubuntu.com/usn/USN-3093-1

Source: psirt@cisco.com

Third Party Advisory

https://bugzilla.clamav.net/show_bug.cgi?id=11514

Source: psirt@cisco.com

Issue Tracking

https://foxglovesecurity.com/2016/06/13/finding-pearls-fuzzing-clamav/

Source: psirt@cisco.com

Exploit Technical Description Third Party Advisory

http://blog.clamav.net/2016/05/clamav-0992-has-been-released.html