ClamAV

All CVEs

154 total · sorted by risk
  • CVE-2024-20505 · Sep 4, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote…

  • CVE-2024-20380 · Apr 18, 2024
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this…

  • CVE-2024-24245 · Apr 9, 2024
    risk 0.00 · cvss · epss 0.00

    An issue in Canimaan Software LTD ClamXAV v3.1.2 through v3.6.1 and fixed in v.3.6.2 allows a local attacker to escalate privileges via the ClamXAV helper tool component.

  • CVE-2024-20328 · Mar 1, 2024
    risk 0.00 · cvss · epss 0.85

    A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account. The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by…

  • CVE-2022-20803 · Feb 17, 2023
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to incorrect use of the realloc function that…

  • CVE-2022-20792 · Aug 10, 2022
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly…

  • CVE-2022-20698 · Jan 14, 2022
    risk 0.00 · cvss · epss 0.03

    A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to…

  • CVE-2021-1404 · Apr 8, 2021
    risk 0.00 · cvss · epss 0.02

    A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that…

  • CVE-2021-1252 · Apr 8, 2021
    risk 0.00 · cvss · epss 0.03

    A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error…

  • CVE-2020-26893 · Oct 16, 2020
    risk 0.00 · cvss · epss 0.00

    An issue was discovered in ClamXAV 3 before 3.1.1. A malicious actor could use a properly signed copy of ClamXAV 2 (running with an injected malicious dylib) to communicate with ClamXAV 3's helper tool and perform privileged operations. This occurs because of inadequate client…

  • CVE-2020-3341 · May 13, 2020
    risk 0.00 · cvss · epss 0.03

    A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read.…

  • CVE-2020-3123 · Feb 5, 2020
    risk 0.00 · cvss · epss 0.03

    A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds…

  • CVE-2019-15961 · Jan 15, 2020
    risk 0.00 · cvss · epss 0.03

    A vulnerability in the email parsing module of Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing…

  • CVE-2013-7089 · Nov 15, 2019
    risk 0.00 · cvss · epss 0.02

    ClamAV before 0.97.7: dbg_printhex possible information leak

  • CVE-2013-7088 · Nov 15, 2019
    risk 0.00 · cvss · epss 0.03

    ClamAV before 0.97.7 has a buffer overflow in the libclamav component.

  • CVE-2013-7087 · Nov 15, 2019
    risk 0.00 · cvss · epss 0.03

    ClamAV before 0.97.7 has heap memory corruption in WWPack.

  • CVE-2007-6745 · Nov 7, 2019
    risk 0.00 · cvss · epss 0.02

    ClamAV 0.91.2 suffers from a floating point exception when using ScanOLE2.

  • CVE-2019-1789 · Nov 5, 2019
    risk 0.00 · cvss · epss 0.01

    ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. As a result of inadequate bounds checking, an out-of-bounds heap read condition may occur when scanning PE files (for example, Windows EXE and DLL files) that have been packed using Aspack.

  • CVE-2019-12625 · Nov 5, 2019
    risk 0.00 · cvss · epss 0.02

    ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.

  • CVE-2019-1798 · Apr 8, 2019
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a…

  • CVE-2019-1785 · Apr 8, 2019
    risk 0.00 · cvss · epss 0.02

    A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper…

  • CVE-2019-1786 · Apr 8, 2019
    risk 0.00 · cvss · epss 0.01

    A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is…

  • CVE-2018-15378 · Oct 15, 2018
    risk 0.00 · cvss · epss 0.01

    A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an…

  • CVE-2018-1000085 · Med · Mar 13, 2018
    risk 0.00 · cvss 5.5 · epss 0.02

    ClamAV version 0.99.3 contains an out-of-bounds heap memory read vulnerability in the XAR parser, function xar_hash_check(), that can result in leaking of memory, which may help in developing exploit chains. This attack appears to be exploitable via: the victim must scan a crafted…

  • CVE-2015-2668 · May 12, 2015
    risk 0.00 · cvss · epss 0.03

    ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.

  • CVE-2015-2222 · May 12, 2015
    risk 0.00 · cvss · epss 0.03

    ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.

  • CVE-2015-2221 · May 12, 2015
    risk 0.00 · cvss · epss 0.03

    ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.

  • CVE-2015-2170 · May 12, 2015
    risk 0.00 · cvss · epss 0.03

    The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

  • CVE-2015-1463 · Feb 3, 2015
    risk 0.00 · cvss · epss 0.03

    ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."

  • CVE-2015-1462 · Feb 3, 2015
    risk 0.00 · cvss · epss 0.03

    ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."

  • CVE-2015-1461 · Feb 3, 2015
    risk 0.00 · cvss · epss 0.03

    ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."

  • CVE-2014-9328 · Feb 3, 2015
    risk 0.00 · cvss · epss 0.03

    ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."

  • CVE-2014-9050 · Dec 1, 2014
    risk 0.00 · cvss · epss 0.05

    Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file.

  • CVE-2013-6497 · Dec 1, 2014
    risk 0.00 · cvss · epss 0.01

    clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.

  • CVE-2013-2021 · May 13, 2013
    risk 0.00 · cvss · epss 0.04

    pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.

  • CVE-2013-2020 · May 13, 2013
    risk 0.00 · cvss · epss 0.04

    Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.

  • CVE-2011-3627 · Nov 17, 2011
    risk 0.00 · cvss · epss 0.03

    The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c.

  • CVE-2011-2721 · Aug 5, 2011
    risk 0.00 · cvss · epss 0.03

    Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations.

  • CVE-2011-1003 · Feb 23, 2011
    risk 0.00 · cvss · epss 0.04

    Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these…

  • CVE-2010-4479 · Dec 7, 2010
    risk 0.00 · cvss · epss 0.05

    Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260.

  • CVE-2010-4261 · Dec 7, 2010
    risk 0.00 · cvss · epss 0.05

    Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are…

  • CVE-2010-4260 · Dec 7, 2010
    risk 0.00 · cvss · epss 0.05

    Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396."

  • CVE-2010-1640 · May 26, 2010
    risk 0.00 · cvss · epss 0.03

    Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling.

  • CVE-2010-1639 · May 26, 2010
    risk 0.00 · cvss · epss 0.03

    The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length.

  • CVE-2010-1311 · Apr 8, 2010
    risk 0.00 · cvss · epss 0.03

    The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are…

  • CVE-2010-0098 · Apr 8, 2010
    risk 0.00 · cvss · epss 0.05

    ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities.

  • CVE-2008-6845 · Jul 2, 2009
    risk 0.00 · cvss · epss 0.02

    The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file.

  • CVE-2009-1371 · Apr 23, 2009
    risk 0.00 · cvss · epss 0.03

    The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding.

  • CVE-2009-1270 · Apr 8, 2009
    risk 0.00 · cvss · epss 0.05

    libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.

  • CVE-2008-6680 · Apr 8, 2009
    risk 0.00 · cvss · epss 0.04

    libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error.