VYPR

Clamav

by ClamAV

Source repositories

CVEs (147)

  • CVE-2008-3215Jul 18, 2008
    risk 0.00cvss epss 0.05

    libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713.

  • CVE-2008-2713Jun 16, 2008
    risk 0.00cvss epss 0.05

    libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read.

  • CVE-2008-1387Apr 16, 2008
    risk 0.00cvss epss 0.04

    ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.

  • CVE-2008-1837Apr 16, 2008
    risk 0.00cvss epss 0.05

    libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.

  • CVE-2008-1835Apr 16, 2008
    risk 0.00cvss epss 0.04

    ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar.

  • CVE-2008-1836Apr 16, 2008
    risk 0.00cvss epss 0.04

    The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.

  • CVE-2008-0728Feb 12, 2008
    risk 0.00cvss epss 0.03

    The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption."

  • CVE-2007-6595Dec 31, 2007
    risk 0.00cvss epss 0.00

    ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled.

  • CVE-2007-6596Dec 31, 2007
    risk 0.00cvss epss 0.02

    ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file.

  • CVE-2007-6337Dec 31, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors.

  • CVE-2007-6336Dec 20, 2007
    risk 0.00cvss epss 0.04

    Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.

  • CVE-2007-6029Nov 20, 2007
    risk 0.00cvss epss 0.03

    Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or…

  • CVE-2007-4510Aug 23, 2007
    risk 0.00cvss epss 0.02

    ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a…

  • CVE-2007-3025Jun 7, 2007
    risk 0.00cvss epss 0.01

    Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions.

  • CVE-2007-3024Jun 7, 2007
    risk 0.00cvss epss 0.00

    libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.

  • CVE-2007-3122Jun 7, 2007
    risk 0.00cvss epss 0.03

    The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.

  • CVE-2007-3023Jun 7, 2007
    risk 0.00cvss epss 0.02

    unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.

  • CVE-2007-3123Jun 7, 2007
    risk 0.00cvss epss 0.03

    unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.

  • CVE-2007-2650May 14, 2007
    risk 0.00cvss epss 0.03

    The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.

  • CVE-2007-2029Apr 30, 2007
    risk 0.00cvss epss 0.03

    File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.

Page 6 of 8