rpm package
opensuse/clamav&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/clamav&distro=openSUSE%20Tumbleweed
Vulnerabilities (90)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2007-1997 | — | | | < 0.103.3-1.4 | 0.103.3-1.4 | Apr 16, 2007 | Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and |
| CVE-2007-1745 | — | | | < 0.103.3-1.4 | 0.103.3-1.4 | Apr 16, 2007 | The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are ob |
| CVE-2007-0898 | — | | | < 0.103.3-1.4 | 0.103.3-1.4 | Feb 16, 2007 | Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message. |
| CVE-2007-0897 | High | 7.5 | | < 0.103.3-1.4 | 0.103.3-1.4 | Feb 16, 2007 | Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a |
| CVE-2006-5874 | — | | | < 0.103.3-1.4 | 0.103.3-1.4 | Dec 10, 2006 | Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference. |
| CVE-2006-4182 | — | | | < 0.103.3-1.4 | 0.103.3-1.4 | Oct 16, 2006 | Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when les |
| CVE-2006-1989 | — | | | < 0.103.3-1.4 | 0.103.3-1.4 | May 1, 2006 | Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers. |
| CVE-2006-1614 | — | | | < 0.103.3-1.4 | 0.103.3-1.4 | Apr 6, 2006 | Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code. |
| CVE-2005-3303 | — | | | < 0.103.3-1.4 | 0.103.3-1.4 | Nov 5, 2005 | The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file. |
| CVE-2005-3239 | — | | | < 0.103.3-1.4 | 0.103.3-1.4 | Oct 14, 2005 | The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree function. |