PT-2019-14495 · Clam Antivirus+3 · Clamav+3

Published: 2019-11-21 · Updated: 2026-02-06 · CVE-2019-15961
CVSS v3.1: 7.5 High
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions
Clam AntiVirus (ClamAV) versions 0.102.0, 0.101.4 and prior

Description
A vulnerability in the email parsing module could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The issue is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this by sending a crafted email file to an affected device, allowing the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.

Recommendations
For versions 0.102.0 and prior, update to version 0.102.1 or later. For version 0.101.4 and prior, update to version 0.101.5 or later. As a temporary workaround, consider restricting the processing of specially formatted email files until a patch is applied.
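The version guidance above can be applied across a fleet by classifying the banner that `clamscan --version` prints on each host. This is an added example, not part of the advisory: the host names and banner lines are constructed, and it assumes that branches older than 0.101 count as affected ("0.101.4 and prior") and branches newer than 0.102 count as fixed ("0.102.1 or later").

```python
import re

# Fixed releases named in the advisory, keyed by (major, minor) release branch.
FIXED = {(0, 101): (0, 101, 5), (0, 102): (0, 102, 1)}

# Banner shape printed by `clamscan --version`: "ClamAV <version>/<db>/<date>".
BANNER = re.compile(r"ClamAV (\d+)\.(\d+)(?:\.(\d+))?")


def parse_banner(banner):
    """Return (major, minor, patch) from a version banner, or None."""
    m = BANNER.search(banner)
    if not m:
        return None
    return tuple(int(g or 0) for g in m.groups())


def status(banner):
    """Classify one banner as 'affected', 'fixed' or 'unknown'."""
    v = parse_banner(banner)
    if v is None:
        return "unknown"  # no parsable version: needs a manual check
    fixed = FIXED.get(v[:2])
    if fixed is not None:
        return "fixed" if v >= fixed else "affected"
    # Assumption: pre-0.101 branches fall under "0.101.4 and prior";
    # branches after 0.102 were released after the fix.
    return "affected" if v < (0, 101, 0) else "fixed"


def audit(inventory):
    """Map host -> status for every host that is not confirmed fixed."""
    results = {host: status(banner) for host, banner in inventory.items()}
    return {h: s for h, s in sorted(results.items()) if s != "fixed"}


# Constructed inventory: host name -> collected `clamscan --version` output.
SAMPLE_INVENTORY = {
    "mx1.example.test": "ClamAV 0.101.4/25640/Wed Nov 20 09:52:31 2019",
    "mx2.example.test": "ClamAV 0.102.0/25640/Wed Nov 20 09:52:31 2019",
    "mx3.example.test": "ClamAV 0.102.1/25642/Fri Nov 22 09:50:12 2019",
    "gw1.example.test": "ClamAV 0.100.3/25640/Wed Nov 20 09:52:31 2019",
    "gw2.example.test": "sh: clamscan: command not found",
}

if __name__ == "__main__":
    for host, state in audit(SAMPLE_INVENTORY).items():
        print(f"{host}: {state}")
```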

Exploit

Fix

DoS

Resource Exhaustion

RCE


Weakness Enumeration

Related Identifiers

ALT-PU-2019-3192
ALT-PU-2019-3203
CLEANSTART-2026-LA13761
CLEANSTART-2026-NJ87139
CLEANSTART-2026-TC95380
CLEANSTART-2026-WX01708
CVE-2019-15961
DLA-2108-1
MGASA-2019-0361
OESA-2021-1080
OPENSUSE-SU-2019:2668-1
OPENSUSE-SU-2019_2668-1
OPENSUSE-SU-2020:2268-1
OPENSUSE-SU-2020:2276-1
OPENSUSE-SU-2020_2268-1
OPENSUSE-SU-2020_2276-1
OPENSUSE-SU-2024:10685-1
SUSE-SU-2019:14236-1
SUSE-SU-2019:3176-1
SUSE-SU-2019:3177-1
SUSE-SU-2019_14236-1
SUSE-SU-2019_3176-1
SUSE-SU-2019_3177-1
SUSE-SU-2020:3729-1
SUSE-SU-2020:3790-1
SUSE-SU-2020:3918-1
USN-4230-1
USN-4230-2

Affected Products

Alt Linux
Clamav
Suse
Ubuntu