Lucene search
K

18 matches found

CVE
CVE
added 2025/01/22 4:21 p.m.495 views

CVE-2025-20128

The vulnerability CVE-2025-20128 affects ClamAV’s OLE2 file decryption. An integer underflow in a bounds check allows a heap buffer overflow read via a crafted OLE2 content file, enabling an unauthenticated remote attacker to cause a DoS by terminating the ClamAV scanning process. Cisco’s advisor...

7.5CVSS5.7AI score0.01509EPSS
CVE
CVE
added 2024/02/07 4:16 p.m.343 views

CVE-2024-20290

CVE-2024-20290 : A DoS in ClamAV due to a heap-based overflow in the OLE2 file format parser caused by an incorrect end-of-string check during scanning. Attacker-submitted crafted OLE2 content could crash the ClamAV scanning process. Connected documents confirm this vulnerability and reference mu...

7.5CVSS7.4AI score0.33558EPSS
CVE
CVE
added 2023/08/16 9:43 p.m.240 views

CVE-2023-20197

CVE-2023-20197 describes a DoS in ClamAV caused by the HFS+ filesystem image parser. The root cause is an incorrect completion-check during file decompression, which can trigger an infinite loop and make the ClamAV scanning process stop responding, consuming resources. Exploitation requires sendi...

7.5CVSS7.2AI score0.00883EPSS
CVE
CVE
added 2022/05/04 5:5 p.m.230 views

CVE-2022-20770

CVE-2022-20770 describes a denial-of-service in ClamAV caused by a CHM file parser vulnerability. Affected software: ClamAV scanning library versions 0.104.0–0.104.2 and LTS 0.103.5 and earlier. An unauthenticated, remote attacker could craft a CHM file to crash the ClamAV process, leading to DoS...

8.6CVSS7.7AI score0.0659EPSS
CVE
CVE
added 2023/02/16 3:26 p.m.215 views

CVE-2023-20052

CVE-2023-20052 affects ClamAV DMG file parser in versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier. An unauthenticated attacker could exploit XML external entity substitution to cause an information leak by submitting a crafted DMG file to be scanned, potentially leaking by...

5.3CVSS6AI score0.06675EPSS
CVE
CVE
added 2022/05/04 5:5 p.m.185 views

CVE-2022-20785

CVE-2022-20785 affects ClamAV HTML file parser. Vulnerable versions: 0.1040–0.1042 and LTS 0.103.5 and earlier. Condition: unauthenticated remote attacker can cause a denial-of-service on the affected device. Description points to the ClamAV blog for details; no exploit specifics are provided in ...

7.8CVSS7.3AI score0.0663EPSS
CVE
CVE
added 2023/02/16 3:24 p.m.179 views

CVE-2023-20032

CVE-2023-20032 affects ClamAV HFS+ parser: vulnerable in versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier due to a missing buffer size check that can cause a heap buffer overflow. An unauthenticated, remote attacker could trigger arbitrary code execution with the ClamAV sc...

9.8CVSS9.6AI score0.29314EPSS
CVE
CVE
added 2022/05/04 5:5 p.m.178 views

CVE-2022-20771

The CVE-2022-20771 issue affects the ClamAV TIFF file parser. It is a denial-of-service vulnerability that could be exploited by an unauthenticated, remote attacker by processing a crafted TIFF file. Affected versions include ClamAV 0.104.0–0.104.2 and the LTS line 0.103.5 and earlier. Public adv...

7.8CVSS7.4AI score0.05477EPSS
CVE
CVE
added 2022/05/04 5:6 p.m.168 views

CVE-2022-20796

CVE-2022-20796 affects ClamAV scanning library versions 0.103.4/0.103.5/0.104.1/0.104.2, where an authenticated, local attacker could cause a denial-of-service on affected devices. Connected advisories confirm the issue across multiple distributions and indicate remediation by upgrading to later ...

6.5CVSS6AI score0.00391EPSS
CVE
CVE
added 2023/08/18 7:55 p.m.106 views

CVE-2023-20212

CVE-2023-20212 affects ClamAV via the AutoIt module. The vulnerability stems from a logic error in memory management, exploitable by submitting a crafted AutoIt file to be scanned, potentially restarting the ClamAV scanning process and causing a DoS. Impact is described as high (availability loss...

7.5CVSS7.2AI score0.02599EPSS
CVE
CVE
added 2025/06/18 4:20 p.m.86 views

CVE-2025-20234

CVE-2025-20234 is a memory overread vulnerability in ClamAV’s UDF file processing that can be exploited by an unauthenticated attacker to cause a DoS via crafted UDF content. Affected: ClamAV UDF scanning; root cause: memory overread during UDF file scanning. Impact: DoS on the ClamAV process; no...

7.5CVSS5.4AI score0.00663EPSS
CVE
CVE
added 2026/07/01 4:27 p.m.55 views

CVE-2026-20213

This CVE (CVE-2026-20213) affects the ClamAV PE file format parser. A crafted PE content file submitted to the scanner can trigger memory corruption due to improper boundary checks, leading to an out-of-bounds write. An unauthenticated, remote attacker could cause the ClamAV scanning process to t...

7.5CVSS6AI score0.00463EPSS
CVE
CVE
added 2026/07/01 4:28 p.m.37 views

CVE-2026-20217

The CVE-2026-20217 entry concerns ClamAV’s PESpin file format parser. The vulnerability arises from improper boundary checks for PESpin content during scanning, causing memory corruption that can lead to an out-of-bounds buffer write. An attacker could submit a crafted PESpin file to be scanned, ...

7.5CVSS6AI score0.00389EPSS
CVE
CVE
added 2026/07/01 4:27 p.m.34 views

CVE-2026-20216

CVE-2026-20216 concerns ClamAV’s InstallShield file format parser. The vulnerability arises from improper handling of temporary resources during scanning, enabling an unauthenticated, remote attacker to submit a crafted InstallShield file that can terminate the ClamAV scanning process and tempora...

7.5CVSS5.8AI score0.00389EPSS
CVE
CVE
added 2026/07/01 4:30 p.m.33 views

CVE-2026-20243

CVE-2026-20243 describes a DoS-style vulnerability in ClamAV caused by memory corruption during ALZ archive parsing. The issue stems from improper boundary checks for content in ALZ files, leading to an out-of-bounds buffer write when a crafted ALZ file is scanned by vulnerable ClamAV instances. ...

7.5CVSS6AI score0.00389EPSS
CVE
CVE
added 2026/07/01 4:28 p.m.27 views

CVE-2026-20244

CVE-2026-20244 affects the DMG file format parser in ClamAV. The root cause is improper boundary checks for DMG content during scanning, which may trigger an integer overflow on 32-bit platforms. An unauthenticated, remote attacker could submit a crafted DMG file for scanning, potentially causing...

7.5CVSS5.9AI score0.00389EPSS
CVE
CVE
added 2026/07/01 4:27 p.m.20 views

CVE-2026-20214

CVE-2026-20214 affects ClamAV’s FSG file format parser. The issue arises from improper boundary checks for content in FSG files during scanning, leading to an out-of-bounds buffer write and memory corruption. An unauthenticated, remote attacker could submit a crafted file containing portable exec...

7.5CVSS6AI score0.00463EPSS
CVE
CVE
added 2026/07/01 4:28 p.m.15 views

CVE-2026-20215

CVE-2026-20215 affects ClamAV’s 7z file format parser. The issue stems from improper boundary checks on 7z content during scanning, causing an out-of-bounds memory write that can crash the ClamAV scanning process. This allows an unauthenticated, remote attacker to trigger a DoS (and possibly expa...

7.5CVSS6AI score0.00389EPSS