Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Clamav
(Clamav)| Repositories |
• https://github.com/vrtadmin/clamav-devel
• https://github.com/Cisco-Talos/clamav-devel |
| #Vulnerabilities | 89 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2018-01-26 | CVE-2017-12376 | ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an... | Clamav, Debian_linux | 7.8 | ||
| 2018-01-26 | CVE-2017-12375 | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a... | Clamav, Debian_linux | 7.5 | ||
| 2018-01-26 | CVE-2017-12374 | The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free... | Clamav, Debian_linux | 7.5 | ||
| 2016-06-08 | CVE-2016-1405 | libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503. | Email_security_appliance, Web_security_appliance, Clamav | 7.5 | ||
| 2016-10-03 | CVE-2016-1372 | ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. | Ubuntu_linux, Clamav | 5.5 | ||
| 2016-10-03 | CVE-2016-1371 | ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. | Ubuntu_linux, Clamav | 5.5 | ||
| 2015-05-12 | CVE-2015-2668 | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. | Ubuntu_linux, Clamav | N/A | ||
| 2015-05-12 | CVE-2015-2222 | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. | Ubuntu_linux, Clamav | N/A | ||
| 2015-05-12 | CVE-2015-2221 | ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. | Ubuntu_linux, Clamav | N/A | ||
| 2015-05-12 | CVE-2015-2170 | The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. | Ubuntu_linux, Clamav | N/A |