VYPR

ClamAV

by ClamAV

CVEs (147)

  • CVE-2007-6335 · Dec 20, 2007
    risk 0.04 · cvss · epss 0.18

    Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.

  • CVE-2007-3725 · Jul 12, 2007
    risk 0.04 · cvss · epss 0.08

    The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.

  • CVE-2006-5295 · Oct 16, 2006
    risk 0.04 · cvss · epss 0.10

    Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location."

  • CVE-2006-4018 · Aug 8, 2006
    risk 0.04 · cvss · epss 0.18

    Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values.

  • CVE-2004-0270 · Nov 23, 2004
    risk 0.04 · cvss · epss 0.10

    libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program.

  • CVE-2012-1419 · Mar 21, 2012
    risk 0.03 · cvss · epss 0.41

    The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is…

  • CVE-2005-1800 · May 28, 2005
    risk 0.03 · cvss · epss 0.03

    Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php.

  • CVE-2020-3481 · Jul 20, 2020
    risk 0.01 · cvss · epss 0.03

    A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference.…

  • CVE-2020-3327 · May 13, 2020
    risk 0.01 · cvss · epss 0.05

    A vulnerability in the ARJ archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a heap buffer overflow read. An…

  • CVE-2019-1788 · Apr 8, 2019
    risk 0.01 · cvss · epss 0.02

    A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is…

  • CVE-2010-3434 · Sep 30, 2010
    risk 0.01 · cvss · epss 0.07

    Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from…

  • CVE-2009-1372 · Apr 23, 2009
    risk 0.01 · cvss · epss 0.08

    Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL.

  • CVE-2008-5050 · Nov 13, 2008
    risk 0.01 · cvss · epss 0.08

    Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based…

  • CVE-2008-0314 · Apr 16, 2008
    risk 0.01 · cvss · epss 0.09

    Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.

  • CVE-2008-1833 · Apr 16, 2008
    risk 0.01 · cvss · epss 0.09

    Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary.

  • CVE-2008-1100 · Apr 14, 2008
    risk 0.01 · cvss · epss 0.11

    Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file.

  • CVE-2008-0318 · Feb 12, 2008
    risk 0.01 · cvss · epss 0.08

    Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.

  • CVE-2006-1614 · Apr 6, 2006
    risk 0.01 · cvss · epss 0.08

    Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code.

  • CVE-2006-1615 · Apr 6, 2006
    risk 0.01 · cvss · epss 0.11

    Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are…

  • CVE-2006-0162 · Jan 10, 2006
    risk 0.01 · cvss · epss 0.10

    Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files.
