Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Clamav
(Clamav)| Repositories |
• https://github.com/vrtadmin/clamav-devel
• https://github.com/Cisco-Talos/clamav-devel |
| #Vulnerabilities | 89 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2007-02-16 | CVE-2007-0897 | Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. | Mac_os_x_server, Clamav, Debian_linux | 7.5 | ||
| 2023-03-01 | CVE-2023-20032 | On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+... | Secure_endpoint, Secure_endpoint_private_cloud, Web_security_appliance, Clamav, Stormshield_network_security | 9.8 | ||
| 2023-03-01 | CVE-2023-20052 | On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting... | Secure_endpoint, Secure_endpoint_private_cloud, Clamav, Stormshield_network_security | 5.3 | ||
| 2010-04-08 | CVE-2010-0098 | ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities. | Clamav, Clamav | N/A | ||
| 2010-04-08 | CVE-2010-1311 | The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information. | Clamav, Clamav | N/A | ||
| 2010-09-30 | CVE-2010-3434 | Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from third party information. | Clamav | N/A | ||
| 2010-12-07 | CVE-2010-4261 | Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information. | Clamav | N/A | ||
| 2010-12-07 | CVE-2010-4479 | Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260. | Clamav | N/A | ||
| 2011-02-23 | CVE-2011-1003 | Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information. | Clamav | N/A | ||
| 2020-07-20 | CVE-2020-3481 | A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. | Ubuntu_linux, Clamav, Debian_linux, Fedora | 7.5 |