Lucene search
K
Database
Vendors
Products
Timeline
Vulnerabilities
Perimeter Scanner
Scanning
Projects
Scanner
Agent Scanning
API Scanning
Manual Audit
Email
Webhook
Resources
Documents
Blog
Glossary
FAQ
Plugins
Pricing
Contacts
About Us
Partners
Branding Guideline
Settings
Sign in
ClamavClamav0.81

17 matches found

CVE
CVEadded 2006/08/08 8:4 p.m.131 views

CVE-2006-4018

Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values.

7.5CVSS7.6AI score0.40912EPSS
CVE
CVEadded 2006/04/06 10:4 p.m.98 views

CVE-2006-1615

Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized ...

10CVSS7.1AI score0.36756EPSS
CVE
CVEadded 2010/05/26 6:30 p.m.62 views

CVE-2010-1639

The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length.

4.3CVSS6.2AI score0.02814EPSS
CVE
CVEadded 2014/12/01 3:59 p.m.62 views

CVE-2014-9050

Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file.

5CVSS6.6AI score0.04637EPSS
CVE
CVEadded 2009/04/23 3:30 p.m.61 views

CVE-2009-1371

The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding.

5CVSS7.1AI score0.13059EPSS
CVE
CVEadded 2009/04/23 3:30 p.m.61 views

CVE-2009-1372

Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL.

10CVSS7.8AI score0.11885EPSS
CVE
CVEadded 2011/08/05 9:55 p.m.61 views

CVE-2011-2721

Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations.

5CVSS6.2AI score0.02593EPSS
CVE
CVEadded 2010/12/07 1:53 p.m.60 views

CVE-2010-4260

Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396."

5CVSS6.5AI score0.05379EPSS
CVE
CVEadded 2010/12/07 1:53 p.m.60 views

CVE-2010-4261

Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third ...

7.5CVSS6.5AI score0.07296EPSS
CVE
CVEadded 2010/04/08 5:30 p.m.57 views

CVE-2010-0098

ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities.

10CVSS8.9AI score0.03391EPSS
CVE
CVEadded 2005/11/05 11:2 a.m.56 views

CVE-2005-3501

The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length.

4.3CVSS6.2AI score0.07226EPSS
CVE
CVEadded 2010/04/08 5:30 p.m.56 views

CVE-2010-1311

The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third par...

5CVSS8.8AI score0.043EPSS
CVE
CVEadded 2010/09/30 3:0 p.m.55 views

CVE-2010-3434

Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from third party informat...

9.3CVSS6.4AI score0.09963EPSS
CVE
CVEadded 2010/12/07 1:53 p.m.53 views

CVE-2010-4479

Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260.

7.5CVSS6.2AI score0.05379EPSS
CVE
CVEadded 2011/02/23 7:0 p.m.53 views

CVE-2011-1003

Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained...

6.8CVSS7.4AI score0.05611EPSS
CVE
CVEadded 2009/07/02 10:30 a.m.49 views

CVE-2008-6845

The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file.

5CVSS6.4AI score0.01007EPSS
CVE
CVEadded 2008/02/12 8:0 p.m.48 views

CVE-2008-0728

The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption."

10CVSS9.2AI score0.01559EPSS