Vulnerabilities (CVE)

Filtered by vendor Clamav Subscribe
Total 91 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2008-6845 1 Clamav 1 Clamav 2023-12-10 5.0 MEDIUM N/A
The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file.
CVE-2008-3912 2 Clamav, Debian 2 Clamav, Debian Linux 2023-12-10 5.0 MEDIUM N/A
libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition.
CVE-2009-1371 1 Clamav 1 Clamav 2023-12-10 5.0 MEDIUM N/A
The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding.
CVE-2008-5525 2 Clamav, Microsoft 2 Clamav, Internet Explorer 2023-12-10 9.3 HIGH N/A
ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
CVE-2009-1372 1 Clamav 1 Clamav 2023-12-10 10.0 HIGH N/A
Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL.
CVE-2009-1270 3 Canonical, Clamav, Debian 3 Ubuntu Linux, Clamav, Debian Linux 2023-12-10 7.8 HIGH N/A
libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.
CVE-2008-0728 1 Clamav 1 Clamav 2023-12-10 10.0 HIGH N/A
The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption."
CVE-2007-2650 2 Clamav, Debian 2 Clamav, Debian Linux 2023-12-10 4.3 MEDIUM N/A
The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.
CVE-2006-1615 1 Clamav 1 Clamav 2023-12-10 10.0 HIGH N/A
Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly.
CVE-2005-3501 1 Clamav 1 Clamav 2023-12-10 4.3 MEDIUM N/A
The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length.
CVE-2006-4018 1 Clamav 1 Clamav 2023-12-10 7.5 HIGH N/A
Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values.