Vendor CVEs
ClamAV
All CVEs
154 total · sorted by risk

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2024-20505 | | | 0.00 | — | 0.01 | | Sep 4, 2024 | A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote… |
| CVE-2024-20380 | | | 0.00 | — | 0.01 | | Apr 18, 2024 | A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this… |
| CVE-2024-24245 | | | 0.00 | — | 0.00 | | Apr 9, 2024 | An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool component. |
| CVE-2024-20328 | | | 0.00 | — | 0.85 | | Mar 1, 2024 | A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by… |
| CVE-2022-20803 | | | 0.00 | — | 0.01 | | Feb 17, 2023 | A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to incorrect use of the realloc function that… |
| CVE-2022-20792 | | | 0.00 | — | 0.01 | | Aug 10, 2022 | A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly… |
| CVE-2022-20698 | | | 0.00 | — | 0.03 | | Jan 14, 2022 | A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to… |
| CVE-2021-1404 | | | 0.00 | — | 0.02 | | Apr 8, 2021 | A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that… |
| CVE-2021-1252 | | | 0.00 | — | 0.03 | | Apr 8, 2021 | A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error… |
| CVE-2020-26893 | | | 0.00 | — | 0.00 | | Oct 16, 2020 | An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3's helper tool and perform privileged operations. This occurs because of inadequate client… |
| CVE-2020-3341 | | | 0.00 | — | 0.03 | | May 13, 2020 | A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read.… |
| CVE-2020-3123 | | | 0.00 | — | 0.03 | | Feb 5, 2020 | A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds… |
| CVE-2019-15961 | | | 0.00 | — | 0.03 | | Jan 15, 2020 | A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing… |
| CVE-2013-7089 | | | 0.00 | — | 0.02 | | Nov 15, 2019 | ClamAV before 0.97.7: dbg_printhex possible information leak |
| CVE-2013-7088 | | | 0.00 | — | 0.03 | | Nov 15, 2019 | ClamAV before 0.97.7 has buffer overflow in the libclamav component |
| CVE-2013-7087 | | | 0.00 | — | 0.03 | | Nov 15, 2019 | ClamAV before 0.97.7 has WWPack corrupt heap memory |
| CVE-2007-6745 | | | 0.00 | — | 0.02 | | Nov 7, 2019 | ClamAV 0.91.2 suffers from a floating point exception when using ScanOLE2. |
| CVE-2019-1789 | | | 0.00 | — | 0.01 | | Nov 5, 2019 | ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking. |
| CVE-2019-12625 | | | 0.00 | — | 0.02 | | Nov 5, 2019 | ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. |
| CVE-2019-1798 | | | 0.00 | — | 0.01 | | Apr 8, 2019 | A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a… |
| CVE-2019-1785 | | | 0.00 | — | 0.02 | | Apr 8, 2019 | A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper… |
| CVE-2019-1786 | | | 0.00 | — | 0.01 | | Apr 8, 2019 | A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is… |
| CVE-2018-15378 | | | 0.00 | — | 0.01 | | Oct 15, 2018 | A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an… |
| CVE-2018-1000085 | | Med | 0.00 | 5.5 | 0.02 | | Mar 13, 2018 | ClamAV version 0.99.3 contains an out-of-bounds heap memory read vulnerability in the XAR parser, function xar_hash_check(), that can result in leaking of memory, which may help in developing exploit chains. This attack appears to be exploitable via: the victim must scan a crafted… |
| CVE-2015-2668 | | | 0.00 | — | 0.03 | | May 12, 2015 | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. |
| CVE-2015-2222 | | | 0.00 | — | 0.03 | | May 12, 2015 | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. |
| CVE-2015-2221 | | | 0.00 | — | 0.03 | | May 12, 2015 | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. |
| CVE-2015-2170 | | | 0.00 | — | 0.03 | | May 12, 2015 | The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. |
| CVE-2015-1463 | | | 0.00 | — | 0.03 | | Feb 3, 2015 | ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization." |
| CVE-2015-1462 | | | 0.00 | — | 0.03 | | Feb 3, 2015 | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition." |
| CVE-2015-1461 | | | 0.00 | — | 0.03 | | Feb 3, 2015 | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition." |
| CVE-2014-9328 | | | 0.00 | — | 0.03 | | Feb 3, 2015 | ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition." |
| CVE-2014-9050 | | | 0.00 | — | 0.05 | | Dec 1, 2014 | Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file. |
| CVE-2013-6497 | | | 0.00 | — | 0.01 | | Dec 1, 2014 | clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. |
| CVE-2013-2021 | | | 0.00 | — | 0.04 | | May 13, 2013 | pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file. |
| CVE-2013-2020 | | | 0.00 | — | 0.04 | | May 13, 2013 | Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read. |
| CVE-2011-3627 | | | 0.00 | — | 0.03 | | Nov 17, 2011 | The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c. |
| CVE-2011-2721 | | | 0.00 | — | 0.03 | | Aug 5, 2011 | Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations. |
| CVE-2011-1003 | | | 0.00 | — | 0.04 | | Feb 23, 2011 | Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these… |
| CVE-2010-4479 | | | 0.00 | — | 0.05 | | Dec 7, 2010 | Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260. |
| CVE-2010-4261 | | | 0.00 | — | 0.05 | | Dec 7, 2010 | Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are… |
| CVE-2010-4260 | | | 0.00 | — | 0.05 | | Dec 7, 2010 | Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396." |
| CVE-2010-1640 | | | 0.00 | — | 0.03 | | May 26, 2010 | Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling. |
| CVE-2010-1639 | | | 0.00 | — | 0.03 | | May 26, 2010 | The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length. |
| CVE-2010-1311 | | | 0.00 | — | 0.03 | | Apr 8, 2010 | The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are… |
| CVE-2010-0098 | | | 0.00 | — | 0.05 | | Apr 8, 2010 | ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities. |
| CVE-2008-6845 | | | 0.00 | — | 0.02 | | Jul 2, 2009 | The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file. |
| CVE-2009-1371 | | | 0.00 | — | 0.03 | | Apr 23, 2009 | The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding. |
| CVE-2009-1270 | | | 0.00 | — | 0.05 | | Apr 8, 2009 | libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang. |
| CVE-2008-6680 | | | 0.00 | — | 0.04 | | Apr 8, 2009 | libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error. |
Page 2 of 4