Clamav
by ClamAV
Source repositories
CVEs (147)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2008-3215 | 0.00 | — | 0.05 | Jul 18, 2008 | libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713. | |||
| CVE-2008-2713 | 0.00 | — | 0.05 | Jun 16, 2008 | libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read. | |||
| CVE-2008-1387 | 0.00 | — | 0.04 | Apr 16, 2008 | ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats. | |||
| CVE-2008-1837 | 0.00 | — | 0.05 | Apr 16, 2008 | libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats. | |||
| CVE-2008-1835 | 0.00 | — | 0.04 | Apr 16, 2008 | ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar. | |||
| CVE-2008-1836 | 0.00 | — | 0.04 | Apr 16, 2008 | The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read. | |||
| CVE-2008-0728 | 0.00 | — | 0.03 | Feb 12, 2008 | The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption." | |||
| CVE-2007-6595 | 0.00 | — | 0.00 | Dec 31, 2007 | ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled. | |||
| CVE-2007-6596 | 0.00 | — | 0.02 | Dec 31, 2007 | ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file. | |||
| CVE-2007-6337 | 0.00 | — | 0.03 | Dec 31, 2007 | Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors. | |||
| CVE-2007-6336 | 0.00 | — | 0.04 | Dec 20, 2007 | Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file. | |||
| CVE-2007-6029 | 0.00 | — | 0.03 | Nov 20, 2007 | Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or… | |||
| CVE-2007-4510 | 0.00 | — | 0.02 | Aug 23, 2007 | ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a… | |||
| CVE-2007-3025 | 0.00 | — | 0.01 | Jun 7, 2007 | Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions. | |||
| CVE-2007-3024 | 0.00 | — | 0.00 | Jun 7, 2007 | libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files. | |||
| CVE-2007-3122 | 0.00 | — | 0.03 | Jun 7, 2007 | The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR. | |||
| CVE-2007-3023 | 0.00 | — | 0.02 | Jun 7, 2007 | unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors. | |||
| CVE-2007-3123 | 0.00 | — | 0.03 | Jun 7, 2007 | unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow. | |||
| CVE-2007-2650 | 0.00 | — | 0.03 | May 14, 2007 | The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file. | |||
| CVE-2007-2029 | 0.00 | — | 0.03 | Apr 30, 2007 | File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file. |
- CVE-2008-3215Jul 18, 2008risk 0.00cvss —epss 0.05
libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713.
- CVE-2008-2713Jun 16, 2008risk 0.00cvss —epss 0.05
libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read.
- CVE-2008-1387Apr 16, 2008risk 0.00cvss —epss 0.04
ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
- CVE-2008-1837Apr 16, 2008risk 0.00cvss —epss 0.05
libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.
- CVE-2008-1835Apr 16, 2008risk 0.00cvss —epss 0.04
ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar.
- CVE-2008-1836Apr 16, 2008risk 0.00cvss —epss 0.04
The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.
- CVE-2008-0728Feb 12, 2008risk 0.00cvss —epss 0.03
The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption."
- CVE-2007-6595Dec 31, 2007risk 0.00cvss —epss 0.00
ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled.
- CVE-2007-6596Dec 31, 2007risk 0.00cvss —epss 0.02
ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file.
- CVE-2007-6337Dec 31, 2007risk 0.00cvss —epss 0.03
Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors.
- CVE-2007-6336Dec 20, 2007risk 0.00cvss —epss 0.04
Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.
- CVE-2007-6029Nov 20, 2007risk 0.00cvss —epss 0.03
Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or…
- CVE-2007-4510Aug 23, 2007risk 0.00cvss —epss 0.02
ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a…
- CVE-2007-3025Jun 7, 2007risk 0.00cvss —epss 0.01
Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions.
- CVE-2007-3024Jun 7, 2007risk 0.00cvss —epss 0.00
libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.
- CVE-2007-3122Jun 7, 2007risk 0.00cvss —epss 0.03
The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.
- CVE-2007-3023Jun 7, 2007risk 0.00cvss —epss 0.02
unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.
- CVE-2007-3123Jun 7, 2007risk 0.00cvss —epss 0.03
unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.
- CVE-2007-2650May 14, 2007risk 0.00cvss —epss 0.03
The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.
- CVE-2007-2029Apr 30, 2007risk 0.00cvss —epss 0.03
File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.
Page 6 of 8