9.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0.003 Low
EPSS
Percentile
69.1%
Vulnerability of HFS+ partition file analyzer of ClamAV antivirus software package is related to an operation exceeding the memory buffer boundaries.
operation beyond the memory buffer boundaries. Exploitation of the vulnerability could allow an attacker acting remotely to execute arbitrary code.
remotely to execute arbitrary code
A vulnerability in the ClamAV scanning library is related to the possibility of replacing an XML entity, which may lead to the introduction of an external entity.
lead to the introduction of an external entity. Exploitation of the vulnerability could allow an attacker acting remotely to transmit arbitrary code to the antivirus.
remotely, to pass specially crafted XML code to the antivirus and view bytes from any file that
could be read by the ClamAV scanning process.