Clam Anti-Virus Clamav vulnerabilities

CVE-2007-4510 [MEDIUM] CVE-2007-4510: ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the c

CVE-2007-3725 [MEDIUM] CVE-2007-3725: The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.

CVE-2007-3023 [CRITICAL] CVE-2007-3023: unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a cert unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.

CVE-2007-3122 [MEDIUM] CVE-2007-3122: The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.

CVE-2007-3123 [MEDIUM] CVE-2007-3123: unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to caus unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.

CVE-2007-3025 [MEDIUM] CVE-2007-3025: Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions.

CVE-2007-3024 [LOW] CVE-2007-3024: libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for tem libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.

CVE-2007-2029 [HIGH] CWE-399 CVE-2007-2029: File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.

CVE-2007-1997 [HIGH] CVE-2007-1997: Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.

CVE-2007-1745 [HIGH] CVE-2007-1745: The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.

CVE-2007-0898 [MEDIUM] CWE-22 CVE-2007-0898: Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attack Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.

CVE-2006-6481 [MEDIUM] CVE-2006-6481: Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406.

CVE-2006-5874 [MEDIUM] CVE-2006-5874: Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference.

CVE-2006-6406 [MEDIUM] CVE-2006-6406: Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invali Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.

CVE-2006-4182 [HIGH] CVE-2006-4182: Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attack Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected.

CVE-2006-5295 [MEDIUM] CVE-2006-5295: Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of servi Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location."

CVE-2006-2427 [HIGH] CVE-2006-2427: freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privi freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file.

CVE-2006-1989 [MEDIUM] CVE-2006-1989: Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88. Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.

CVE-2006-1630 [MEDIUM] CVE-2006-1630: The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows re The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access."

CVE-2006-1614 [MEDIUM] CVE-2006-1614: Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVir Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code.