Vulnerabilities (CVE)

Filtered by vendor Clamav Subscribe
Filtered by product Clamav
Total 86 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2021-1404 1 Clamav 1 Clamav 2022-08-05 5.0 MEDIUM 7.5 HIGH
A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.
CVE-2021-1252 1 Clamav 1 Clamav 2022-08-05 7.8 HIGH 7.5 HIGH
A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition.
CVE-2021-1405 2 Clamav, Debian 2 Clamav, Debian Linux 2022-08-05 5.0 MEDIUM 7.5 HIGH
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.
CVE-2022-20771 4 Cisco, Clamav, Debian and 1 more 4 Secure Endpoint, Clamav, Debian Linux and 1 more 2022-07-01 7.8 HIGH 7.5 HIGH
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
CVE-2022-20785 4 Cisco, Clamav, Debian and 1 more 4 Secure Endpoint, Clamav, Debian Linux and 1 more 2022-07-01 7.8 HIGH 7.5 HIGH
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
CVE-2022-20796 4 Cisco, Clamav, Debian and 1 more 4 Secure Endpoint, Clamav, Debian Linux and 1 more 2022-07-01 4.9 MEDIUM 5.5 MEDIUM
On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog.
CVE-2022-20770 4 Cisco, Clamav, Debian and 1 more 4 Secure Endpoint, Clamav, Debian Linux and 1 more 2022-07-01 7.8 HIGH 7.5 HIGH
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.
CVE-2021-27506 3 Clamav, Netasq Project, Stormshield 3 Clamav, Netasq, Network Security 2022-07-01 4.3 MEDIUM 5.5 MEDIUM
The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.
CVE-2009-1270 3 Canonical, Clamav, Debian 3 Ubuntu Linux, Clamav, Debian Linux 2022-02-10 7.8 HIGH N/A
libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang.
CVE-2022-20698 3 Canonical, Clamav, Debian 3 Ubuntu Linux, Clamav, Debian Linux 2022-01-21 5.0 MEDIUM 7.5 HIGH
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.
CVE-2020-3123 2 Canonical, Clamav 2 Ubuntu Linux, Clamav 2022-01-01 5.0 MEDIUM 7.5 HIGH
A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.
CVE-2009-1241 1 Clamav 1 Clamav 2020-11-10 7.5 HIGH N/A
Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive.
CVE-2008-3913 2 Clamav, Debian 2 Clamav, Debian Linux 2020-11-10 5.0 MEDIUM N/A
Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic".
CVE-2008-3912 2 Clamav, Debian 2 Clamav, Debian Linux 2020-11-09 5.0 MEDIUM N/A
libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition.
CVE-2007-2650 2 Clamav, Debian 2 Clamav, Debian Linux 2020-11-09 4.3 MEDIUM N/A
The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.
CVE-2008-3914 1 Clamav 1 Clamav 2020-11-05 10.0 HIGH N/A
Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c.
CVE-2019-1788 3 Clamav, Debian, Opensuse 3 Clamav, Debian Linux, Leap 2020-10-16 4.3 MEDIUM 5.5 MEDIUM
A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could result in a denial of service condition on an affected device.
CVE-2007-0899 2 Clamav, Debian 2 Clamav, Debian Linux 2020-08-18 7.5 HIGH 9.8 CRITICAL
There is a possible heap overflow in libclamav/fsg.c before 0.100.0.
CVE-2020-3481 1 Clamav 1 Clamav 2020-08-06 5.0 MEDIUM 7.5 HIGH
A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.
CVE-2019-15961 2 Cisco, Clamav 2 Email Security Appliance Firmware, Clamav 2020-03-19 7.1 HIGH 6.5 MEDIUM
A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.