Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Clam Anti-virus Subscribe
Filtered by product Clamav
Total 62 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2007-6336 1 Clam Anti-virus 1 Clamav 2017-08-07 6.8 MEDIUM N/A
Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.
CVE-2007-4510 2 Clam Anti-virus, Kolab 2 Clamav, Kolab Server 2017-07-28 4.3 MEDIUM N/A
ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.
CVE-2007-3123 1 Clam Anti-virus 1 Clamav 2017-07-28 5.0 MEDIUM N/A
unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.
CVE-2007-2029 2 Clam Anti-virus, Debian 2 Clamav, Debian Linux 2017-07-28 7.8 HIGH N/A
File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.
CVE-2007-3122 1 Clam Anti-virus 1 Clamav 2017-07-28 5.0 MEDIUM N/A
The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.
CVE-2007-1997 1 Clam Anti-virus 1 Clamav 2017-07-28 7.5 HIGH N/A
Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.
CVE-2007-0898 1 Clam Anti-virus 1 Clamav 2017-07-28 6.4 MEDIUM N/A
Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.
CVE-2007-0897 1 Clam Anti-virus 1 Clamav 2017-07-28 4.3 MEDIUM N/A
Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.
CVE-2007-1745 2 Clam Anti-virus, Ifenslave 2 Clamav, Ifenslave 2017-07-28 7.1 HIGH N/A
The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.
CVE-2006-5295 1 Clam Anti-virus 1 Clamav 2017-07-19 5.0 MEDIUM N/A
Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location."
CVE-2006-4182 1 Clam Anti-virus 1 Clamav 2017-07-19 7.5 HIGH N/A
Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected.
CVE-2006-1989 1 Clam Anti-virus 1 Clamav 2017-07-19 5.1 MEDIUM N/A
Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.
CVE-2006-1630 1 Clam Anti-virus 1 Clamav 2017-07-19 5.0 MEDIUM N/A
The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access."
CVE-2006-0162 1 Clam Anti-virus 1 Clamav 2017-07-19 7.5 HIGH N/A
Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files.
CVE-2005-2919 1 Clam Anti-virus 1 Clamav 2017-07-10 5.0 MEDIUM N/A
libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to cause a denial of service (infinite loop) via a crafted FSG packed executable.
CVE-2005-2920 1 Clam Anti-virus 1 Clamav 2017-07-10 7.5 HIGH N/A
Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable.
CVE-2005-2450 1 Clam Anti-virus 1 Clamav 2017-07-10 7.5 HIGH N/A
Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message.
CVE-2004-1909 1 Clam Anti-virus 1 Clamav 2017-07-10 2.6 LOW N/A
Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm.
CVE-2004-1876 1 Clam Anti-virus 1 Clamav 2017-07-10 4.6 MEDIUM N/A
The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name.
CVE-2005-3229 1 Clam Anti-virus 1 Clamav 2016-10-17 5.1 MEDIUM N/A
Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.