Clam AntiVirus
CVEs (7)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2022-20770 | Hig | 0.56 | 8.6 | 0.07 | May 4, 2022 | On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior… | ||
| CVE-2021-1405 | Hig | 0.49 | 7.5 | 0.03 | Apr 8, 2021 | A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable… | ||
| CVE-2020-3350 | Med | 0.36 | 5.5 | 0.00 | Jun 18, 2020 | A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning… | ||
| CVE-2019-1787 | Med | 0.36 | 5.5 | 0.02 | Apr 8, 2019 | A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is… | ||
| CVE-2004-0270 | 0.04 | — | 0.10 | Nov 23, 2004 | libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program. | |||
| CVE-2006-0162 | 0.01 | — | 0.10 | Jan 10, 2006 | Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files. | |||
| CVE-2004-1876 | 0.00 | — | 0.01 | Mar 30, 2004 | The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name. |
- risk 0.56cvss 8.6epss 0.07
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior…
- risk 0.49cvss 7.5epss 0.03
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable…
- risk 0.36cvss 5.5epss 0.00
A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning…
- risk 0.36cvss 5.5epss 0.02
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is…
- CVE-2004-0270Nov 23, 2004risk 0.04cvss —epss 0.10
libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program.
- CVE-2006-0162Jan 10, 2006risk 0.01cvss —epss 0.10
Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files.
- CVE-2004-1876Mar 30, 2004risk 0.00cvss —epss 0.01
The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name.