rpm package
opensuse/clamav&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/clamav&distro=openSUSE%20Tumbleweed
Vulnerabilities (90)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2015-1461 | — | | | < 0.99.2-4.1 | 0.99.2-4.1 | Feb 3, 2015 | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition." |
| CVE-2014-9328 | — | | | < 0.99.2-4.1 | 0.99.2-4.1 | Feb 3, 2015 | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition." |
| CVE-2014-9050 | — | | | < 1.4.2-1.1 | 1.4.2-1.1 | Dec 1, 2014 | Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file. |
| CVE-2013-6497 | — | | | < 0.99.2-4.1 | 0.99.2-4.1 | Dec 1, 2014 | clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. |
| CVE-2012-1459 | — | | | < 0.99.2-4.1 | 0.99.2-4.1 | Mar 21, 2012 | The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5 |
| CVE-2012-1458 | — | | | < 0.99.2-4.1 | 0.99.2-4.1 | Mar 21, 2012 | The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published |
| CVE-2012-1457 | — | | | < 0.99.2-4.1 | 0.99.2-4.1 | Mar 21, 2012 | The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSa |
| CVE-2011-3627 | — | | | < 0.99.2-4.1 | 0.99.2-4.1 | Nov 17, 2011 | The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c. |
| CVE-2011-2721 | — | | | < 0.99.2-4.1 | 0.99.2-4.1 | Aug 5, 2011 | Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations. |
| CVE-2010-0405 | — | | | < 0.99.2-4.1 | 0.99.2-4.1 | Sep 28, 2010 | Integer overflow in the BZ2_decompress function in decompress.c in bzip2 and libbzip2 before 1.0.6 allows context-dependent attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted compressed file. |
| CVE-2010-1205 | Cri | 9.8 | | < 0.103.3-1.4 | 0.103.3-1.4 | Jun 30, 2010 | Buffer overflow in pngpread.c in libpng before 1.2.44 and 1.4.x before 1.4.3, as used in progressive applications, might allow remote attackers to execute arbitrary code via a PNG image that triggers an additional data row. |
| CVE-2008-2713 | — | | | < 0.103.3-1.4 | 0.103.3-1.4 | Jun 16, 2008 | libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read. |
| CVE-2008-1100 | — | | | < 0.103.3-1.4 | 0.103.3-1.4 | Apr 14, 2008 | Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file. |
| CVE-2008-0728 | — | | | < 0.103.3-1.4 | 0.103.3-1.4 | Feb 12, 2008 | The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption." |
| CVE-2008-0318 | — | | | < 0.103.3-1.4 | 0.103.3-1.4 | Feb 12, 2008 | Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow. |
| CVE-2007-6596 | — | | | < 0.103.3-1.4 | 0.103.3-1.4 | Dec 31, 2007 | ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file. |
| CVE-2007-6595 | — | | | < 0.103.3-1.4 | 0.103.3-1.4 | Dec 31, 2007 | ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled. |
| CVE-2007-6337 | — | | | < 0.103.3-1.4 | 0.103.3-1.4 | Dec 31, 2007 | Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors. |
| CVE-2007-6336 | — | | | < 0.103.3-1.4 | 0.103.3-1.4 | Dec 20, 2007 | Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file. |
| CVE-2007-6335 | — | | | < 0.103.3-1.4 | 0.103.3-1.4 | Dec 20, 2007 | Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow. |