ClamAV
by ClamAV
CVEs (147)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2011-3627 | | | 0.00 | — | 0.03 | | Nov 17, 2011 | The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c. |
| CVE-2011-2721 | | | 0.00 | — | 0.03 | | Aug 5, 2011 | Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations. |
| CVE-2011-1003 | | | 0.00 | — | 0.04 | | Feb 23, 2011 | Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these… |
| CVE-2010-4479 | | | 0.00 | — | 0.05 | | Dec 7, 2010 | Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260. |
| CVE-2010-4261 | | | 0.00 | — | 0.05 | | Dec 7, 2010 | Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are… |
| CVE-2010-4260 | | | 0.00 | — | 0.05 | | Dec 7, 2010 | Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396." |
| CVE-2010-1640 | | | 0.00 | — | 0.03 | | May 26, 2010 | Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling. |
| CVE-2010-1639 | | | 0.00 | — | 0.03 | | May 26, 2010 | The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length. |
| CVE-2010-1311 | | | 0.00 | — | 0.03 | | Apr 8, 2010 | The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are… |
| CVE-2010-0098 | | | 0.00 | — | 0.05 | | Apr 8, 2010 | ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities. |
| CVE-2008-6845 | | | 0.00 | — | 0.02 | | Jul 2, 2009 | The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file. |
| CVE-2009-1371 | | | 0.00 | — | 0.03 | | Apr 23, 2009 | The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding. |
| CVE-2009-1270 | | | 0.00 | — | 0.05 | | Apr 8, 2009 | libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang. |
| CVE-2008-6680 | | | 0.00 | — | 0.04 | | Apr 8, 2009 | libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error. |
| CVE-2009-1241 | | | 0.00 | — | 0.04 | | Apr 3, 2009 | Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive. |
| CVE-2008-5525 | | | 0.00 | — | 0.03 | | Dec 12, 2008 | ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt… |
| CVE-2008-3914 | | | 0.00 | — | 0.04 | | Sep 11, 2008 | Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c. |
| CVE-2008-3913 | | | 0.00 | — | 0.03 | | Sep 11, 2008 | Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic". |
| CVE-2008-3912 | | | 0.00 | — | 0.03 | | Sep 11, 2008 | libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition. |
| CVE-2008-1389 | | | 0.00 | — | 0.03 | | Sep 4, 2008 | libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access." |