Search
Total
62 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2006-2427 | 1 Clam Anti-virus | 2 Clamav, Clamxav | 2018-10-18 | 7.2 HIGH | N/A |
| freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file. | |||||
| CVE-2006-1614 | 1 Clam Anti-virus | 1 Clamav | 2018-10-18 | 5.1 MEDIUM | N/A |
| Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code. | |||||
| CVE-2006-6406 | 1 Clam Anti-virus | 1 Clamav | 2018-10-17 | 5.0 MEDIUM | N/A |
| Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. | |||||
| CVE-2007-6596 | 1 Clam Anti-virus | 1 Clamav | 2018-10-15 | 5.0 MEDIUM | N/A |
| ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file. | |||||
| CVE-2007-6595 | 1 Clam Anti-virus | 1 Clamav | 2018-10-15 | 2.1 LOW | N/A |
| ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled. | |||||
| CVE-2007-4560 | 1 Clam Anti-virus | 1 Clamav | 2018-10-15 | 7.6 HIGH | N/A |
| clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail." | |||||
| CVE-2007-3725 | 1 Clam Anti-virus | 1 Clamav | 2018-10-15 | 4.3 MEDIUM | N/A |
| The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference. | |||||
| CVE-2008-5050 | 1 Clam Anti-virus | 1 Clamav | 2018-10-11 | 9.3 HIGH | N/A |
| Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow. | |||||
| CVE-2008-1387 | 1 Clam Anti-virus | 1 Clamav | 2018-10-11 | 4.3 MEDIUM | N/A |
| ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats. | |||||
| CVE-2004-0270 | 1 Clam Anti-virus | 1 Clamav | 2017-10-10 | 5.0 MEDIUM | N/A |
| libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program. | |||||
| CVE-2008-5314 | 1 Clam Anti-virus | 1 Clamav | 2017-09-29 | 4.3 MEDIUM | N/A |
| Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions. | |||||
| CVE-2007-6335 | 1 Clam Anti-virus | 1 Clamav | 2017-09-29 | 7.5 HIGH | N/A |
| Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow. | |||||
| CVE-2008-3215 | 1 Clam Anti-virus | 1 Clamav | 2017-08-08 | 5.0 MEDIUM | N/A |
| libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713. | |||||
| CVE-2008-2713 | 1 Clam Anti-virus | 1 Clamav | 2017-08-08 | 5.0 MEDIUM | N/A |
| libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read. | |||||
| CVE-2008-1837 | 1 Clam Anti-virus | 1 Clamav | 2017-08-08 | 5.0 MEDIUM | N/A |
| libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats. | |||||
| CVE-2008-1833 | 1 Clam Anti-virus | 1 Clamav | 2017-08-08 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary. | |||||
| CVE-2008-1835 | 1 Clam Anti-virus | 1 Clamav | 2017-08-08 | 5.0 MEDIUM | N/A |
| ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar. | |||||
| CVE-2008-1836 | 1 Clam Anti-virus | 1 Clamav | 2017-08-08 | 4.3 MEDIUM | N/A |
| The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read. | |||||
| CVE-2008-1100 | 1 Clam Anti-virus | 1 Clamav | 2017-08-08 | 10.0 HIGH | N/A |
| Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file. | |||||
| CVE-2008-0314 | 1 Clam Anti-virus | 1 Clamav | 2017-08-08 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value. | |||||
| CVE-2007-6336 | 1 Clam Anti-virus | 1 Clamav | 2017-08-08 | 6.8 MEDIUM | N/A |
| Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file. | |||||
| CVE-2007-4510 | 2 Clam Anti-virus, Kolab | 2 Clamav, Kolab Server | 2017-07-29 | 4.3 MEDIUM | N/A |
| ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-3122 | 1 Clam Anti-virus | 1 Clamav | 2017-07-29 | 5.0 MEDIUM | N/A |
| The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR. | |||||
| CVE-2007-1997 | 1 Clam Anti-virus | 1 Clamav | 2017-07-29 | 7.5 HIGH | N/A |
| Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow. | |||||
| CVE-2007-2029 | 2 Clam Anti-virus, Debian | 2 Clamav, Debian Linux | 2017-07-29 | 7.8 HIGH | N/A |
| File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file. | |||||
| CVE-2007-3123 | 1 Clam Anti-virus | 1 Clamav | 2017-07-29 | 5.0 MEDIUM | N/A |
| unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow. | |||||
| CVE-2007-0897 | 1 Clam Anti-virus | 1 Clamav | 2017-07-29 | 4.3 MEDIUM | N/A |
| Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. | |||||
| CVE-2007-1745 | 2 Clam Anti-virus, Ifenslave | 2 Clamav, Ifenslave | 2017-07-29 | 7.1 HIGH | N/A |
| The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2007-0898 | 1 Clam Anti-virus | 1 Clamav | 2017-07-29 | 6.4 MEDIUM | N/A |
| Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message. | |||||
| CVE-2006-5295 | 1 Clam Anti-virus | 1 Clamav | 2017-07-20 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location." | |||||
| CVE-2006-4182 | 1 Clam Anti-virus | 1 Clamav | 2017-07-20 | 7.5 HIGH | N/A |
| Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected. | |||||
| CVE-2006-1989 | 1 Clam Anti-virus | 1 Clamav | 2017-07-20 | 5.1 MEDIUM | N/A |
| Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers. | |||||
| CVE-2006-1630 | 1 Clam Anti-virus | 1 Clamav | 2017-07-20 | 5.0 MEDIUM | N/A |
| The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access." | |||||
| CVE-2006-0162 | 1 Clam Anti-virus | 1 Clamav | 2017-07-20 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files. | |||||
| CVE-2005-2920 | 1 Clam Anti-virus | 1 Clamav | 2017-07-11 | 7.5 HIGH | N/A |
| Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable. | |||||
| CVE-2005-2919 | 1 Clam Anti-virus | 1 Clamav | 2017-07-11 | 5.0 MEDIUM | N/A |
| libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to cause a denial of service (infinite loop) via a crafted FSG packed executable. | |||||
| CVE-2005-2450 | 1 Clam Anti-virus | 1 Clamav | 2017-07-11 | 7.5 HIGH | N/A |
| Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message. | |||||
| CVE-2004-1909 | 1 Clam Anti-virus | 1 Clamav | 2017-07-11 | 2.6 LOW | N/A |
| Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm. | |||||
| CVE-2004-1876 | 1 Clam Anti-virus | 1 Clamav | 2017-07-11 | 4.6 MEDIUM | N/A |
| The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name. | |||||
| CVE-2005-3229 | 1 Clam Anti-virus | 1 Clamav | 2016-10-18 | 5.1 MEDIUM | N/A |
| Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. | |||||
| CVE-2003-0946 | 1 Clam Anti-virus | 1 Clamav | 2016-10-18 | 7.5 HIGH | N/A |
| Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a "MAIL FROM" command. | |||||
| CVE-2005-1795 | 1 Clam Anti-virus | 1 Clamav | 2016-05-25 | 7.5 HIGH | N/A |
| The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked. | |||||
| CVE-2007-3023 | 1 Clam Anti-virus | 1 Clamav | 2012-10-31 | 10.0 HIGH | N/A |
| unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors. | |||||
| CVE-2008-1389 | 1 Clam Anti-virus | 1 Clamav | 2011-03-08 | 5.0 MEDIUM | N/A |
| libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access." | |||||
| CVE-2007-6337 | 2 Clam Anti-virus, Gentoo | 2 Clamav, Linux | 2011-03-08 | 10.0 HIGH | N/A |
| Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors. | |||||
| CVE-2006-6481 | 1 Clam Anti-virus | 1 Clamav | 2011-03-08 | 5.0 MEDIUM | N/A |
| Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406. | |||||
| CVE-2005-3303 | 1 Clam Anti-virus | 1 Clamav | 2011-03-08 | 7.5 HIGH | N/A |
| The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file. | |||||
| CVE-2005-3500 | 1 Clam Anti-virus | 1 Clamav | 2011-03-08 | 5.0 MEDIUM | N/A |
| The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block. | |||||
| CVE-2008-0318 | 1 Clam Anti-virus | 1 Clamav | 2011-03-07 | 10.0 HIGH | N/A |
| Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow. | |||||
| CVE-2006-5874 | 1 Clam Anti-virus | 1 Clamav | 2010-09-15 | 5.0 MEDIUM | N/A |
| Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference. | |||||