Filtered by vendor Clamav
Subscriptions
Total
91 CVE
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2019-1785 | 1 Clamav | 1 Clamav | 2023-03-01 | 7.8 High |
| A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system. | ||||
| CVE-2011-2721 | 1 Clamav | 1 Clamav | 2023-02-13 | N/A |
| Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations. | ||||
| CVE-2010-4260 | 1 Clamav | 1 Clamav | 2023-02-13 | N/A |
| Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396." | ||||
| CVE-2010-1640 | 1 Clamav | 1 Clamav | 2023-02-13 | N/A |
| Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling. | ||||
| CVE-2010-1639 | 1 Clamav | 1 Clamav | 2023-02-13 | N/A |
| The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length. | ||||
| CVE-2011-3627 | 1 Clamav | 1 Clamav | 2023-02-13 | N/A |
| The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c. | ||||
| CVE-2019-15961 | 4 Canonical, Cisco, Clamav and 1 more | 4 Ubuntu Linux, Email Security Appliance Firmware, Clamav and 1 more | 2022-10-19 | 6.5 Medium |
| A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition. | ||||
| CVE-2021-1252 | 1 Clamav | 1 Clamav | 2022-08-05 | 7.5 High |
| A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition. | ||||
| CVE-2021-1404 | 1 Clamav | 1 Clamav | 2022-08-05 | 7.5 High |
| A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. | ||||
| CVE-2021-1405 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2022-08-05 | 7.5 High |
| A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. | ||||
| CVE-2021-27506 | 3 Clamav, Netasq Project, Stormshield | 3 Clamav, Netasq, Network Security | 2022-07-01 | 5.5 Medium |
| The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1. | ||||
| CVE-2009-1270 | 3 Canonical, Clamav, Debian | 3 Ubuntu Linux, Clamav, Debian Linux | 2022-02-10 | N/A |
| libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang. | ||||
| CVE-2020-3123 | 2 Canonical, Clamav | 2 Ubuntu Linux, Clamav | 2022-01-01 | 7.5 High |
| A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. | ||||
| CVE-2009-1241 | 1 Clamav | 1 Clamav | 2020-11-10 | N/A |
| Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive. | ||||
| CVE-2008-3913 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2020-11-10 | N/A |
| Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic". | ||||
| CVE-2008-3912 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2020-11-09 | N/A |
| libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition. | ||||
| CVE-2007-2650 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2020-11-09 | N/A |
| The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file. | ||||
| CVE-2008-3914 | 1 Clamav | 1 Clamav | 2020-11-05 | N/A |
| Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c. | ||||
| CVE-2019-1788 | 3 Clamav, Debian, Opensuse | 3 Clamav, Debian Linux, Leap | 2020-10-16 | 5.5 Medium |
| A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could result in a denial of service condition on an affected device. | ||||
| CVE-2007-6745 | 2 Clamav, Debian | 2 Clamav, Debian Linux | 2020-08-18 | 9.8 Critical |
| clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. | ||||