VYPR
Vendor

Clam AntiVirus

Products
3
CVEs
11
Across products
11
Status
Private

Products

3

Recent CVEs

11
  • CVE-2022-20770HigMay 4, 2022
    risk 0.56cvss 8.6epss 0.07

    On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior…

  • CVE-2021-1405HigApr 8, 2021
    risk 0.49cvss 7.5epss 0.03

    A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable…

  • CVE-2007-0897HigFeb 16, 2007
    risk 0.49cvss 7.5epss 0.03

    Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a…

  • CVE-2020-3350MedJun 18, 2020
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in the endpoint software of Cisco AMP for Endpoints and Clam AntiVirus could allow an authenticated, local attacker to cause the running software to delete arbitrary files on the system. The vulnerability is due to a race condition that could occur when scanning…

  • CVE-2019-1787MedApr 8, 2019
    risk 0.36cvss 5.5epss 0.02

    A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is…

  • CVE-2004-0270Nov 23, 2004
    risk 0.04cvss epss 0.10

    libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program.

  • CVE-2008-5050Nov 13, 2008
    risk 0.01cvss epss 0.08

    Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based…

  • CVE-2006-0162Jan 10, 2006
    risk 0.01cvss epss 0.10

    Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files.

  • CVE-2007-2029Apr 30, 2007
    risk 0.00cvss epss 0.03

    File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.

  • CVE-2004-1876Mar 30, 2004
    risk 0.00cvss epss 0.01

    The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name.

  • CVE-2003-0946Dec 15, 2003
    risk 0.00cvss epss 0.03

    Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a "MAIL…