Clam Anti-Virus Clamav vulnerabilities
60 known vulnerabilities affecting clam_anti-virus/clamav.
Total CVEs: 60
CISA KEV: 0
Public exploits: 8
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 18, MEDIUM 31, LOW 5
Vulnerabilities
Page 1 of 3
CVE-2007-4560 | P2 | HIGH | CVSS 7.6 | CWE-78 | PoC | ≤ 0.91.1 | 2007-08-28
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
nvd
CVE-2007-6335 | P3 | HIGH | CVSS 7.5 | CWE-189 | PoC | ≤ 0.92 | 2007-12-20
Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.
nvd
CVE-2006-4182 | P3 | HIGH | CVSS 7.5 | PoC | ≤ 0.88.4, v., +46 more | 2006-10-16
Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected.
nvd
CVE-2008-1833 | P3 | HIGH | CVSS 7.5 | CWE-119 | v0.92.1 | 2008-04-16
Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary.
nvd
CVE-2008-0314 | P3 | HIGH | CVSS 7.5 | CWE-119 | v0.92.1 | 2008-04-16
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.
nvd
CVE-2006-5295 | P4 | MEDIUM | CVSS 5.0 | PoC | ≤ 0.88.4, v., +46 more | 2006-10-16
Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location."
nvd
CVE-2008-0318 | P3 | CRITICAL | CVSS 10.0 | CWE-189 | ≤ 0.92 | 2008-02-12
Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.
nvd
CVE-2008-1100 | P3 | CRITICAL | CVSS 10.0 | CWE-119 | v0.92, v0.92.1 | 2008-04-14
Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file.
nvd
CVE-2008-5050 | P3 | CRITICAL | CVSS 9.3 | CWE-119 | ≤ 0.94, v0.01, +80 more | 2008-11-13
Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.
nvd
CVE-2008-5314 | P4 | MEDIUM | CVSS 4.3 | CWE-399 | PoC | ≤ 0.94.1, v0.70, +39 more | 2008-12-03
Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions.
nvd
CVE-2006-0162 | P3 | HIGH | CVSS 7.5 | v., v0.51, +28 more | 2006-01-10
Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files.
nvd
CVE-2004-0270 | P4 | MEDIUM | CVSS 5.0 | PoC | v0.65 | 2004-11-23
libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program.
nvd
CVE-2007-1997 | P3 | HIGH | CVSS 7.5 | v0.90, v0.90.1, +4 more | 2007-04-16
Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.
nvd
CVE-2007-3725 | P4 | MEDIUM | CVSS 4.3 | PoC | v0.15, v0.20, +52 more | 2007-07-12
The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.
nvd
CVE-2005-2920 | P3 | HIGH | CVSS 7.5 | v0.70, v0.71, +15 more | 2005-09-20
Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable.
nvd
CVE-2005-1800 | P4 | MEDIUM | CVSS 4.3 | PoC | v0.81, v0.82, +3 more | 2005-05-28
Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php.
nvd
CVE-2005-3303 | P3 | HIGH | CVSS 7.5 | v0.80, v0.81, +9 more | 2005-11-05
The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file.
nvd
CVE-2005-1795 | P3 | HIGH | CVSS 7.5 | CWE-20 | ≤ 0.84 | 2005-05-27
The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked.
nvd
CVE-2007-3023 | P4 | CRITICAL | CVSS 10.0 | v0.90, v0.90.1, +3 more | 2007-06-07
unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.
nvd
CVE-2007-6029 | P4 | HIGH | CVSS 7.5 | CWE-94 | v0.91.1, v0.91.2 | 2007-11-20
Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes,
nvd