Clamav Security Vulnerabilities and Issues — Clamav CVE List

Lucene search

Clam Anti-virusClamav

18 matches found

CVE•added 2005/09/20 11:3 p.m.•130 views

CVE-2005-2920

Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable.

7.5CVSS7.4AI score0.14209EPSS

CVE•added 2007/08/28 1:17 a.m.•75 views

CVE-2007-4560

clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."

7.6CVSS9.7AI score0.91095EPSS

CVE•added 2007/12/20 1:46 a.m.•66 views

CVE-2007-6335

Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.

7.5CVSS9.7AI score0.39002EPSS

CVE•added 2006/01/10 7:3 p.m.•64 views

CVE-2006-0162

Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files.

7.5CVSS7.8AI score0.27999EPSS

CVE•added 2008/04/16 3:5 p.m.•61 views

CVE-2008-0314

Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.

7.5CVSS7AI score0.26624EPSS

CVE•added 2007/04/16 9:19 p.m.•53 views

CVE-2007-1997

Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-b...

7.5CVSS9.5AI score0.11454EPSS

CVE•added 2007/04/16 9:19 p.m.•52 views

CVE-2007-1745

The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third pa...

7.1CVSS7.4AI score0.05072EPSS

CVE•added 2005/11/05 11:2 a.m.•51 views

CVE-2005-3303

The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file.

7.5CVSS7.1AI score0.0994EPSS

CVE•added 2008/04/16 3:5 p.m.•51 views

CVE-2008-1833

Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary.

7.5CVSS7AI score0.08872EPSS

CVE•added 2005/10/14 7:2 p.m.•50 views

CVE-2005-3239

The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree function.

7.8CVSS6.2AI score0.04594EPSS

CVE•added 2006/10/16 11:7 p.m.•48 views

CVE-2006-4182

Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocat...

7.5CVSS7.7AI score0.14497EPSS

CVE•added 2005/08/03 4:0 a.m.•47 views

CVE-2005-2450

Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message.

7.5CVSS6.5AI score0.03642EPSS

CVE•added 2007/04/30 10:19 p.m.•47 views

CVE-2007-2029

File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.

7.8CVSS6AI score0.01166EPSS

CVE•added 2005/05/24 4:0 a.m.•40 views

CVE-2005-1711

Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected.

7.5CVSS7.2AI score0.00036EPSS

CVE•added 2003/12/15 5:0 a.m.•39 views

CVE-2003-0946

Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a "MAIL FROM" command.

7.5CVSS7.8AI score0.01965EPSS

CVE•added 2007/11/20 2:46 a.m.•38 views

CVE-2007-6029

Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable a...

7.5CVSS7.4AI score0.01704EPSS

CVE•added 2005/06/01 4:0 a.m.•35 views

CVE-2005-1795

The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is inv...

7.5CVSS8.1AI score0.02166EPSS

CVE•added 2006/05/17 10:6 a.m.•34 views

CVE-2006-2427

freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file.

7.2CVSS6.4AI score0.00047EPSS