
Clam Anti-Virus Clamav vulnerabilities

60 known vulnerabilities affecting clam_anti-virus/clamav.

Total CVEs: 60
CISA KEV: 0
Public exploits: 8
Exploited in wild: 0
Severity breakdown: CRITICAL 6, HIGH 18, MEDIUM 31, LOW 5

Vulnerabilities

Page 2 of 3
CVE-2007-6336 | P3 | MEDIUM | CVSS 6.8 | ≤ 0.91 | 2007-12-20
CVE-2007-6336 [MEDIUM] CWE-119: Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.
nvd
CVE-2005-2450 | P4 | HIGH | CVSS 7.5 | v0.85, v0.85.1, +1 more | 2005-08-03
CVE-2005-2450 [HIGH]: Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message.
nvd
CVE-2007-6337 | P4 | CRITICAL | CVSS 10.0 | v0.91.2 | 2007-12-31
CVE-2007-6337 [CRITICAL]: Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors.
nvd
CVE-2006-1614 | P4 | MEDIUM | CVSS 5.1 | v0.51, v0.52, +28 more | 2006-04-06
CVE-2006-1614 [MEDIUM]: Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
nvd
CVE-2007-0898 | P4 | MEDIUM | CVSS 6.4 | ≤ 0.88.6, v0.15, +46 more | 2007-02-16
CVE-2007-0898 [MEDIUM] CWE-22: Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.
nvd
CVE-2007-6596 | P4 | MEDIUM | CVSS 5.0 | v0.92 | 2007-12-31
CVE-2007-6596 [MEDIUM] CWE-20: ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file.
nvd
CVE-2006-1989 | P4 | MEDIUM | CVSS 5.1 | v0.88, v0.88.1 | 2006-05-01
CVE-2006-1989 [MEDIUM]: Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.
nvd
CVE-2003-0946 | P4 | HIGH | CVSS 7.5 | v0.60, v0.60p | 2003-12-15
CVE-2003-0946 [HIGH]: Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a "MAIL FROM" command.
nvd
CVE-2005-0218 | P4 | MEDIUM | CVSS 5.0 | v0.51, v0.52, +8 more | 2005-05-02
CVE-2005-0218 [MEDIUM]: ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL.
nvd
CVE-2007-2029 | P4 | HIGH | CVSS 7.8 | v0.84_rc2 | 2007-04-30
CVE-2007-2029 [HIGH] CWE-399: File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.
nvd
CVE-2008-1835 | P4 | MEDIUM | CVSS 5.0 | ≤ 0.92.1, v0.15, +62 more | 2008-04-16
CVE-2008-1835 [MEDIUM] CWE-20: ClamAV before 0.93 allows remote attackers to bypass the scanning engine via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by WinRAR.
nvd
CVE-2005-3587 | P4 | CRITICAL | CVSS 10.0 | v0.15, v0.20, +31 more | 2005-11-16
CVE-2005-3587 [CRITICAL]: Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors.
nvd
CVE-2005-3239 | P4 | HIGH | CVSS 7.8 | v. | 2005-10-14
CVE-2005-3239 [HIGH]: The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree function.
nvd
CVE-2006-6406 | P4 | MEDIUM | CVSS 5.0 | v0.88.6 | 2006-12-10
CVE-2006-6406 [MEDIUM]: Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.
nvd
CVE-2007-3122 | P4 | MEDIUM | CVSS 5.0 | v0.90, v0.90.1, +4 more | 2007-06-07
CVE-2007-3122 [MEDIUM]: The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.
nvd
CVE-2005-1711 | P4 | HIGH | CVSS 7.5 | v0.90.2 | 2005-05-24
CVE-2005-1711 [HIGH]: Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected.
nvd
CVE-2008-2713 | P4 | MEDIUM | CVSS 5.0 | v0.15, v0.20, +55 more | 2008-06-16
CVE-2008-2713 [MEDIUM] CWE-399: libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read.
nvd
CVE-2006-1630 | P4 | MEDIUM | CVSS 5.0 | v0.51, v0.52, +28 more | 2006-04-06
CVE-2006-1630 [MEDIUM]: The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access."
nvd
CVE-2008-1837 | P4 | MEDIUM | CVSS 5.0 | ≤ 0.92.1, v0.15, +62 more | 2008-04-16
CVE-2008-1837 [MEDIUM] CWE-399: libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.
nvd
CVE-2008-3215 | P4 | MEDIUM | CVSS 5.0 | v0.88.2, v0.88.4, +11 more | 2008-07-18
CVE-2008-3215 [MEDIUM]: libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713.
nvd