Clamav
by ClamAV
CVEs (147)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2005-3303 | | | 0.01 | — | 0.07 | | Nov 5, 2005 | The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file. |
| CVE-2005-2920 | | | 0.01 | — | 0.08 | | Sep 20, 2005 | Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable. |
| CVE-2026-20031 | | | 0.00 | — | 0.00 | | Mar 4, 2026 | A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An… |
| CVE-2025-20260 | | | 0.00 | — | 0.02 | | Jun 18, 2025 | A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory… |
| CVE-2025-20234 | | | 0.00 | — | 0.01 | | Jun 18, 2025 | A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could… |
| CVE-2024-20506 | | | 0.00 | — | 0.00 | | Sep 4, 2024 | A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local… |
| CVE-2024-20505 | | | 0.00 | — | 0.01 | | Sep 4, 2024 | A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote… |
| CVE-2024-20380 | | | 0.00 | — | 0.01 | | Apr 18, 2024 | A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this… |
| CVE-2024-20328 | | | 0.00 | — | 0.85 | | Mar 1, 2024 | A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by… |
| CVE-2022-20803 | | | 0.00 | — | 0.01 | | Feb 17, 2023 | A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to incorrect use of the realloc function that… |
| CVE-2022-20792 | | | 0.00 | — | 0.01 | | Aug 10, 2022 | A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly… |
| CVE-2022-20698 | | | 0.00 | — | 0.03 | | Jan 14, 2022 | A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to… |
| CVE-2021-1404 | | | 0.00 | — | 0.02 | | Apr 8, 2021 | A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that… |
| CVE-2021-1252 | | | 0.00 | — | 0.03 | | Apr 8, 2021 | A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error… |
| CVE-2020-3341 | | | 0.00 | — | 0.03 | | May 13, 2020 | A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read.… |
| CVE-2020-3123 | | | 0.00 | — | 0.03 | | Feb 5, 2020 | A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds… |
| CVE-2019-15961 | | | 0.00 | — | 0.03 | | Jan 15, 2020 | A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing… |
| CVE-2013-7089 | | | 0.00 | — | 0.02 | | Nov 15, 2019 | ClamAV before 0.97.7: dbg_printhex possible information leak |
| CVE-2013-7088 | | | 0.00 | — | 0.03 | | Nov 15, 2019 | ClamAV before 0.97.7 has buffer overflow in the libclamav component |
| CVE-2013-7087 | | | 0.00 | — | 0.03 | | Nov 15, 2019 | ClamAV before 0.97.7 has WWPack corrupt heap memory |