Clamav
by ClamAV
CVEs (147)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2007-6745 | | | 0.00 | — | 0.02 | | Nov 7, 2019 | ClamAV 0.91.2 suffers from a floating point exception when using ScanOLE2. |
| CVE-2019-1789 | | | 0.00 | — | 0.01 | | Nov 5, 2019 | ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking. |
| CVE-2019-12625 | | | 0.00 | — | 0.02 | | Nov 5, 2019 | ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. |
| CVE-2019-1798 | | | 0.00 | — | 0.01 | | Apr 8, 2019 | A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a… |
| CVE-2019-1785 | | | 0.00 | — | 0.02 | | Apr 8, 2019 | A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper… |
| CVE-2019-1786 | | | 0.00 | — | 0.01 | | Apr 8, 2019 | A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is… |
| CVE-2018-15378 | | | 0.00 | — | 0.01 | | Oct 15, 2018 | A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an… |
| CVE-2018-1000085 | | Med | 0.00 | 5.5 | 0.02 | | Mar 13, 2018 | ClamAV version 0.99.3 contains an out-of-bounds heap memory read vulnerability in the XAR parser, function xar_hash_check(), that can result in leaking of memory and may help in developing exploit chains. This attack appears to be exploitable via: the victim must scan a crafted… |
| CVE-2015-2668 | | | 0.00 | — | 0.03 | | May 12, 2015 | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. |
| CVE-2015-2222 | | | 0.00 | — | 0.03 | | May 12, 2015 | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. |
| CVE-2015-2221 | | | 0.00 | — | 0.03 | | May 12, 2015 | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. |
| CVE-2015-2170 | | | 0.00 | — | 0.03 | | May 12, 2015 | The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. |
| CVE-2015-1463 | | | 0.00 | — | 0.03 | | Feb 3, 2015 | ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization." |
| CVE-2015-1462 | | | 0.00 | — | 0.03 | | Feb 3, 2015 | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition." |
| CVE-2015-1461 | | | 0.00 | — | 0.03 | | Feb 3, 2015 | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition." |
| CVE-2014-9328 | | | 0.00 | — | 0.03 | | Feb 3, 2015 | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition." |
| CVE-2014-9050 | | | 0.00 | — | 0.05 | | Dec 1, 2014 | Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file. |
| CVE-2013-6497 | | | 0.00 | — | 0.01 | | Dec 1, 2014 | clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. |
| CVE-2013-2021 | | | 0.00 | — | 0.04 | | May 13, 2013 | pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file. |
| CVE-2013-2020 | | | 0.00 | — | 0.04 | | May 13, 2013 | Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read. |