Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Clamav Security Vulnerabilities - 2007

cve
cve

CVE-2007-0898

Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.

7.4AI Score

0.019EPSS

2007-02-16 07:28 PM
38
cve
cve

CVE-2007-1745

The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third pa...

7.4AI Score

0.219EPSS

2007-04-16 09:19 PM
36
cve
cve

CVE-2007-1997

Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-b...

9.5AI Score

0.203EPSS

2007-04-16 09:19 PM
40
4
cve
cve

CVE-2007-2029

File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.

6AI Score

0.123EPSS

2007-04-30 10:19 PM
36
cve
cve

CVE-2007-3023

unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.

6.2AI Score

0.027EPSS

2007-06-07 09:30 PM
204
cve
cve

CVE-2007-3024

libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.

5.8AI Score

0.0004EPSS

2007-06-07 10:30 PM
197
cve
cve

CVE-2007-3025

Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions.

6.5AI Score

0.014EPSS

2007-06-07 10:30 PM
181
cve
cve

CVE-2007-3122

The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.

6.2AI Score

0.55EPSS

2007-06-07 09:30 PM
198
cve
cve

CVE-2007-3123

unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.

6.3AI Score

0.262EPSS

2007-06-07 09:30 PM
193
cve
cve

CVE-2007-3725

The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.

8.8AI Score

0.144EPSS

2007-07-12 04:30 PM
32
cve
cve

CVE-2007-4510

ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML documen...

8.9AI Score

0.145EPSS

2007-08-23 07:17 PM
41
cve
cve

CVE-2007-4560

clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."

9.7AI Score

0.961EPSS

2007-08-28 01:17 AM
57
cve
cve

CVE-2007-6029

Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable a...

7.4AI Score

0.037EPSS

2007-11-20 02:46 AM
30
cve
cve

CVE-2007-6335

Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.

9.7AI Score

0.266EPSS

2007-12-20 01:46 AM
52
4
cve
cve

CVE-2007-6336

Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.

9.4AI Score

0.246EPSS

2007-12-20 01:46 AM
43
4
cve
cve

CVE-2007-6337

Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors.

9.3AI Score

0.022EPSS

2007-12-31 07:46 PM
34
cve
cve

CVE-2007-6595

ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled.

5.9AI Score

0.0004EPSS

2007-12-31 07:46 PM
37
cve
cve

CVE-2007-6596

ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file.

6.3AI Score

0.038EPSS

2007-12-31 07:46 PM
34
4