libclamav
by ClamAV
CVEs (8)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-5314 | 0.04 | — | 0.08 | Dec 3, 2008 | Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions. | |||
| CVE-2007-6335 | 0.04 | — | 0.18 | Dec 20, 2007 | Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow. | |||
| CVE-2008-0314 | 0.01 | — | 0.09 | Apr 16, 2008 | Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value. | |||
| CVE-2008-1833 | 0.01 | — | 0.09 | Apr 16, 2008 | Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary. | |||
| CVE-2008-0318 | 0.01 | — | 0.08 | Feb 12, 2008 | Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow. | |||
| CVE-2008-3912 | 0.00 | — | 0.03 | Sep 11, 2008 | libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition. | |||
| CVE-2008-1836 | 0.00 | — | 0.04 | Apr 16, 2008 | The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read. | |||
| CVE-2008-0728 | 0.00 | — | 0.03 | Feb 12, 2008 | The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption." |
- CVE-2008-5314Dec 3, 2008risk 0.04cvss —epss 0.08
Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions.
- CVE-2007-6335Dec 20, 2007risk 0.04cvss —epss 0.18
Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.
- CVE-2008-0314Apr 16, 2008risk 0.01cvss —epss 0.09
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.
- CVE-2008-1833Apr 16, 2008risk 0.01cvss —epss 0.09
Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary.
- CVE-2008-0318Feb 12, 2008risk 0.01cvss —epss 0.08
Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.
- CVE-2008-3912Sep 11, 2008risk 0.00cvss —epss 0.03
libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition.
- CVE-2008-1836Apr 16, 2008risk 0.00cvss —epss 0.04
The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.
- CVE-2008-0728Feb 12, 2008risk 0.00cvss —epss 0.03
The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption."