Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Clamav Subscribe
Filtered by product Clamav
Total 90 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2012-1457 26 Aladdin, Alwil, Anti-virus and 23 more 28 Esafe, Avast Antivirus, Vba32 and 25 more 2018-01-17 4.3 MEDIUM N/A
The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
CVE-2012-1458 2 Clamav, Sophos 2 Clamav, Sophos Anti-virus 2018-01-17 4.3 MEDIUM N/A
The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CHM parser implementations.
CVE-2012-1459 32 Ahnlab, Alwil, Anti-virus and 29 more 34 V3 Internet Security, Avast Antivirus, Vba32 and 31 more 2018-01-17 4.3 MEDIUM N/A
The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.
CVE-2013-6497 1 Clamav 1 Clamav 2017-08-28 2.1 LOW N/A
clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.
CVE-2008-6680 1 Clamav 1 Clamav 2017-08-16 5.0 MEDIUM N/A
libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error.
CVE-2008-0728 1 Clamav 1 Clamav 2017-08-07 10.0 HIGH N/A
The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption."
CVE-2006-1615 1 Clamav 1 Clamav 2017-07-19 10.0 HIGH N/A
Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly.
CVE-2015-2170 2 Canonical, Clamav 2 Ubuntu Linux, Clamav 2017-01-02 5.0 MEDIUM N/A
The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.
CVE-2015-2221 2 Canonical, Clamav 2 Ubuntu Linux, Clamav 2017-01-02 5.0 MEDIUM N/A
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.
CVE-2015-2222 2 Canonical, Clamav 2 Ubuntu Linux, Clamav 2017-01-02 5.0 MEDIUM N/A
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.
CVE-2014-9328 2 Clamav, Fedoraproject 2 Clamav, Fedora 2017-01-02 7.5 HIGH N/A
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."
CVE-2015-2668 2 Canonical, Clamav 2 Ubuntu Linux, Clamav 2017-01-02 5.0 MEDIUM N/A
ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.
CVE-2015-1463 2 Clamav, Fedoraproject 2 Clamav, Fedora 2016-12-07 5.0 MEDIUM N/A
ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."
CVE-2015-1462 2 Clamav, Fedoraproject 2 Clamav, Fedora 2016-12-07 7.5 HIGH N/A
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."
CVE-2015-1461 2 Clamav, Fedoraproject 2 Clamav, Fedora 2016-12-07 7.5 HIGH N/A
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."
CVE-2016-1405 2 Cisco, Clamav 3 Email Security Appliance, Web Security Appliance, Clamav 2016-11-28 5.0 MEDIUM 7.5 HIGH
libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503.
CVE-2016-1371 2 Canonical, Clamav 2 Ubuntu Linux, Clamav 2016-10-04 4.3 MEDIUM 5.5 MEDIUM
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable.
CVE-2016-1372 2 Canonical, Clamav 2 Ubuntu Linux, Clamav 2016-10-04 4.3 MEDIUM 5.5 MEDIUM
ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file.
CVE-2013-2021 3 Canonical, Clamav, Suse 3 Ubuntu Linux, Clamav, Linux Enterprise Server 2015-09-28 4.3 MEDIUM N/A
pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.
CVE-2013-2020 3 Canonical, Clamav, Suse 3 Ubuntu Linux, Clamav, Linux Enterprise Server 2015-09-28 5.0 MEDIUM N/A
Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.