VYPR

Clamav

by ClamAV

Source repositories

CVEs (147)

  • CVE-2007-6745Nov 7, 2019
    risk 0.00cvss epss 0.02

    clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.

  • CVE-2019-1789Nov 5, 2019
    risk 0.00cvss epss 0.01

    ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.

  • CVE-2019-12625Nov 5, 2019
    risk 0.00cvss epss 0.02

    ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.

  • CVE-2019-1798Apr 8, 2019
    risk 0.00cvss epss 0.01

    A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a…

  • CVE-2019-1785Apr 8, 2019
    risk 0.00cvss epss 0.02

    A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper…

  • CVE-2019-1786Apr 8, 2019
    risk 0.00cvss epss 0.01

    A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is…

  • CVE-2018-15378Oct 15, 2018
    risk 0.00cvss epss 0.01

    A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an…

  • CVE-2018-1000085MedMar 13, 2018
    risk 0.00cvss 5.5epss 0.02

    ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted…

  • CVE-2015-2668May 12, 2015
    risk 0.00cvss epss 0.03

    ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.

  • CVE-2015-2222May 12, 2015
    risk 0.00cvss epss 0.03

    ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.

  • CVE-2015-2221May 12, 2015
    risk 0.00cvss epss 0.03

    ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.

  • CVE-2015-2170May 12, 2015
    risk 0.00cvss epss 0.03

    The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

  • CVE-2015-1463Feb 3, 2015
    risk 0.00cvss epss 0.03

    ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."

  • CVE-2015-1462Feb 3, 2015
    risk 0.00cvss epss 0.03

    ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."

  • CVE-2015-1461Feb 3, 2015
    risk 0.00cvss epss 0.03

    ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."

  • CVE-2014-9328Feb 3, 2015
    risk 0.00cvss epss 0.03

    ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."

  • CVE-2014-9050Dec 1, 2014
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file.

  • CVE-2013-6497Dec 1, 2014
    risk 0.00cvss epss 0.01

    clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.

  • CVE-2013-2021May 13, 2013
    risk 0.00cvss epss 0.04

    pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.

  • CVE-2013-2020May 13, 2013
    risk 0.00cvss epss 0.04

    Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.

Page 4 of 8