VYPR

Clamav

by ClamAV

Source repositories

CVEs (147)

  • CVE-2011-3627Nov 17, 2011
    risk 0.00cvss epss 0.03

    The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c.

  • CVE-2011-2721Aug 5, 2011
    risk 0.00cvss epss 0.03

    Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations.

  • CVE-2011-1003Feb 23, 2011
    risk 0.00cvss epss 0.04

    Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these…

  • CVE-2010-4479Dec 7, 2010
    risk 0.00cvss epss 0.05

    Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260.

  • CVE-2010-4261Dec 7, 2010
    risk 0.00cvss epss 0.05

    Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are…

  • CVE-2010-4260Dec 7, 2010
    risk 0.00cvss epss 0.05

    Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396."

  • CVE-2010-1640May 26, 2010
    risk 0.00cvss epss 0.03

    Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling.

  • CVE-2010-1639May 26, 2010
    risk 0.00cvss epss 0.03

    The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length.

  • CVE-2010-1311Apr 8, 2010
    risk 0.00cvss epss 0.03

    The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are…

  • CVE-2010-0098Apr 8, 2010
    risk 0.00cvss epss 0.05

    ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities.

  • CVE-2008-6845Jul 2, 2009
    risk 0.00cvss epss 0.02

    The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file.

  • CVE-2009-1371Apr 23, 2009
    risk 0.00cvss epss 0.03

    The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding.

  • CVE-2009-1270Apr 8, 2009
    risk 0.00cvss epss 0.05

    libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.

  • CVE-2008-6680Apr 8, 2009
    risk 0.00cvss epss 0.04

    libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error.

  • CVE-2009-1241Apr 3, 2009
    risk 0.00cvss epss 0.04

    Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive.

  • CVE-2008-5525Dec 12, 2008
    risk 0.00cvss epss 0.03

    ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt…

  • CVE-2008-3914Sep 11, 2008
    risk 0.00cvss epss 0.04

    Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c.

  • CVE-2008-3913Sep 11, 2008
    risk 0.00cvss epss 0.03

    Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic".

  • CVE-2008-3912Sep 11, 2008
    risk 0.00cvss epss 0.03

    libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition.

  • CVE-2008-1389Sep 4, 2008
    risk 0.00cvss epss 0.03

    libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."

Page 5 of 8