Debian Clamav vulnerabilities

CVE-2007-6335 [HIGH] CVE-2007-6335: clamav - Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to e... Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 0.92~dfsg-1~volatile2) bullseye: resolved (fixed in 0.92~dfsg-1~volatile2) forky: resolved (fixed in 0.92~dfsg-1~volatile2) sid: resolved (fixed in

CVE-2007-4560 [HIGH] CVE-2007-4560: clamav - clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remot... clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail." Scope: local bookworm: resolved (fixed in 0.91.2-1~volatile1) bullseye: resolved (fixed in 0.91.2-1~volatile1) forky: resolved (fixed in 0.9

CVE-2007-1745 [HIGH] CVE-2007-1745: clamav - The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (C... The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information. Scope: local bookworm: resolved (fixed in 0.90.2-1) bul

CVE-2007-0897 [HIGH] CVE-2007-0897: clamav - Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under cer... Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. Scope: local bookworm: resolved (fixe

CVE-2007-3123 [MEDIUM] CVE-2007-3123: clamav - unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remo... unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow. Scope: local bookworm: resolved (fixed in 0.90.3-1) bullseye: resolved (fixed in 0.90.3-1) forky: resolved (fixed in 0.90.3-1) sid:

CVE-2007-3725 [MEDIUM] CVE-2007-3725: clamav - The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assist... The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference. Scope: local bookworm: resolved (fixed in 0.91-1) bullseye: resolved (fixed in 0.91-1) forky: resolved (fixed in 0.91-1) sid: resolved (fixed in 0.91-1) trixie: res

CVE-2007-6336 [MEDIUM] CVE-2007-6336: clamav - Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitr... Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file. Scope: local bookworm: resolved (fixed in 0.92~dfsg-1~volatile2) bullseye: resolved (fixed in 0.92~dfsg-1~volatile2) forky: resolved (fixed in 0.92~dfsg-1~volatile2) sid: resolved (fixed in 0.92~dfsg-1~volatile2) trixie: resolved (fixed i

CVE-2007-2650 [MEDIUM] CVE-2007-2650: clamav - The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a de... The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file. Scope: local bookworm: resolved (fixed in 0.90.2-1) bullseye: resolved (fixed in 0.90.2-

CVE-2007-3122 [MEDIUM] CVE-2007-3122: clamav - The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote... The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR. Scope: local bookworm: resolved (fixed in 0.90.3-1) bullseye: resolved (fixed in 0.90.3-1) forky: resolved (fixed in 0.90.3-1) sid: resolved (fixed in 0.90.3-1) trixie: resolved

CVE-2007-0898 [MEDIUM] CVE-2007-0898: clamav - Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 ... Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message. Scope: local bookworm: resolved (fixed in 0.90-1) bullseye: resolved (fixed in 0.90-1) forky: resolved (fixed in 0.90-1) sid: resolved (fixed in 0.90-1) trixie:

CVE-2007-4510 [MEDIUM] CVE-2007-4510: clamav - ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other pro... ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_

CVE-2007-3025 [MEDIUM] CVE-2007-3025: clamav - Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and ... Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions. Scope: local bookworm: resolved bullseye: resolved forky: resolved sid: resolved trixie: resolved

CVE-2007-3024 [LOW] CVE-2007-3024: clamav - libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure... libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files. Scope: local bookworm: resolved (fixed in 0.90.3-1) bullseye: resolved (fixed in 0.90.3-1) forky: resolved (fixed in 0.90.3-1) sid: r

CVE-2007-6596 [MEDIUM] CVE-2007-6596: clamav - ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote at... ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file. Scope: local bookworm: resolved (fixed in 0.92.1~dfsg-1) bullseye: resolved (fixed in 0.92.1~dfsg-1) forky: resolved (fixed in 0.92.1~dfsg-1) sid: resolved (fixed in 0.92.1~dfsg-1) trixie: resolved (fixed in 0.92.1~dfsg-1)

CVE-2007-2029 [HIGH] CVE-2007-2029: clamav - File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote... File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file. Scope: local bookworm: resolved (fixed in 0.90.2-1) bullseye: resolved (fixed in 0.90.2-1) forky: resolved (fixed in 0.90.2-1) sid: resolved (fixed in 0.90.2-1) trixie: resolved (fixed in 0.90.2-1)

CVE-2007-6595 [LOW] CVE-2007-6595: clamav - ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack... ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled. Scope: local bookworm: resolved (fixed in 0.92.1~dfsg-1) bullseye: resolved (fixed in 0.92.1~dfsg-1) forky: resolved (fixed in 0.92.1~dfsg-1)

CVE-2006-1615 [CRITICAL] CVE-2006-1615: clamav - Multiple format string vulnerabilities in the logging code in Clam AntiVirus (Cl... Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly. Scope: local bookworm: resolved (fixed in 0.88.1-1) bullse

CVE-2006-4018 [HIGH] CVE-2006-4018: clamav - Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam ... Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values. Scope: local bookworm: resolved (fixed in 0.88.4-1) bullseye: resolved (fixed in 0.88.4-1) forky: resolved (fixed in 0.88.4-1)

CVE-2006-0162 [HIGH] CVE-2006-0162: clamav - Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before ... Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files. Scope: local bookworm: resolved (fixed in 0.88-1) bullseye: resolved (fixed in 0.88-1) forky: resolved (fixed in 0.88-1) sid: resolved (fixed in 0.88-1) trixie: resol

CVE-2006-4182 [HIGH] CVE-2006-4182: clamav - Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, ... Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected. Scope: local bookworm: resolved (fixed in 0.88.5-1) bu