IDCVSSSummaryLast (major) updatePublished
CVE-2005-1795 7.5
The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions pre
25-05-2016 - 18:34 27-05-2005 - 04:00
CVE-2006-4182 7.5
Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-
20-07-2017 - 01:32 16-10-2006 - 23:07
CVE-2006-5295 5.0
Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location." This vulnerability
20-07-2017 - 01:33 16-10-2006 - 23:07
CVE-2006-5874 5.0
Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference.
15-09-2010 - 05:30 10-12-2006 - 02:28
CVE-2007-0897 4.3
Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record l
29-07-2017 - 01:30 16-02-2007 - 19:28
CVE-2007-0898 6.4
Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message. This vulnerability is addressed in the fo
29-07-2017 - 01:30 16-02-2007 - 19:28
CVE-2007-1745 7.1
The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE
29-07-2017 - 01:30 16-04-2007 - 21:19
CVE-2007-2650 5.0
The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demons
08-03-2011 - 02:54 14-05-2007 - 21:19
CVE-2007-4510 4.3
ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function
29-07-2017 - 01:32 23-08-2007 - 19:17
CVE-2007-4560 7.6
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
15-10-2018 - 21:36 28-08-2007 - 01:17
CVE-2007-6335 7.5
Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.
29-09-2017 - 01:29 20-12-2007 - 01:46
CVE-2007-6336 6.8
Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.
08-08-2017 - 01:29 20-12-2007 - 01:46
CVE-2008-0318 10.0
Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-ba
07-03-2011 - 05:00 12-02-2008 - 20:00
CVE-2008-1389 5.0
libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."
08-03-2011 - 03:07 04-09-2008 - 16:41
CVE-2008-1835 5.0
ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar.
08-08-2017 - 01:30 16-04-2008 - 16:05
CVE-2008-1837 5.0
libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.
08-08-2017 - 01:30 16-04-2008 - 16:05
CVE-2008-3912 5.0
libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition.
08-08-2017 - 01:32 11-09-2008 - 01:13
CVE-2008-3913 5.0
Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic".
08-08-2017 - 01:32 11-09-2008 - 01:13
CVE-2008-3914 10.0
Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c.
08-08-2017 - 01:32 11-09-2008 - 01:13
CVE-2008-5050 9.3
Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, whic
11-10-2018 - 20:53 13-11-2008 - 02:30
CVE-2008-5314 4.3
Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_ph
29-09-2017 - 01:32 03-12-2008 - 17:30
CVE-2009-1241 7.5
Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive.
10-10-2018 - 19:35 03-04-2009 - 18:30
CVE-2005-3239 7.8
The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree f
02-04-2010 - 05:50 14-10-2005 - 19:02
CVE-2006-0162 7.5
Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files.
20-07-2017 - 01:29 10-01-2006 - 19:03
CVE-2005-3500 5.0
The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the sa
08-03-2011 - 02:26 05-11-2005 - 11:02
CVE-2005-3587 10.0
Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors.
02-04-2010 - 06:06 16-11-2005 - 07:42
CVE-2007-3725 4.3
The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.
15-10-2018 - 21:30 12-07-2007 - 16:30
CVE-2008-2713 5.0
libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read.
08-08-2017 - 01:31 16-06-2008 - 21:41
CVE-2004-1876 4.6
The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name.
11-07-2017 - 01:31 30-03-2004 - 05:00
CVE-2005-0133 5.0
ClamAV 0.80 and earlier allows remote attackers to cause a denial of service (clamd daemon crash) via a ZIP file with malformed headers.
10-09-2008 - 19:35 02-05-2005 - 04:00
CVE-2005-0218 5.0
ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL.
10-09-2008 - 19:35 02-05-2005 - 04:00
CVE-2006-1614 5.1
Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary co
18-10-2018 - 16:33 06-04-2006 - 22:04
CVE-2006-1630 5.0
The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access."
20-07-2017 - 01:30 06-04-2006 - 22:04
CVE-2003-0946 7.5
Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email add
18-10-2016 - 02:38 15-12-2003 - 05:00
CVE-2004-0270 5.0
libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling
10-10-2017 - 01:30 23-11-2004 - 05:00
CVE-2004-1909 2.6
Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm.
11-07-2017 - 01:31 31-12-2004 - 05:00
CVE-2005-2919 5.0
libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to cause a denial of service (infinite loop) via a crafted FSG packed executable.
11-07-2017 - 01:33 20-09-2005 - 23:03
CVE-2005-2920 7.5
Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable.
11-07-2017 - 01:33 20-09-2005 - 23:03
CVE-2005-3303 7.5
The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file.
08-03-2011 - 02:26 05-11-2005 - 11:02
CVE-2005-1800 4.3
Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php.
10-09-2008 - 19:40 28-05-2005 - 04:00
CVE-2005-1922 5.0
The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function.
05-09-2008 - 20:50 05-07-2005 - 04:00
CVE-2005-1923 2.6
The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field se
05-09-2008 - 20:50 05-07-2005 - 04:00
CVE-2007-2029 7.8
File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.
29-07-2017 - 01:31 30-04-2007 - 22:19
CVE-2005-2056 2.6
The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive.
15-11-2008 - 05:48 29-06-2005 - 04:00
CVE-2005-2450 7.5
Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message.
11-07-2017 - 01:32 03-08-2005 - 04:00
CVE-2006-1989 5.1
Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers. This vulnerability is addressed in the following product release: C
20-07-2017 - 01:31 01-05-2006 - 19:06
CVE-2008-3215 5.0
libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713.
08-08-2017 - 01:31 18-07-2008 - 16:41
CVE-2006-6406 5.0
Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.
17-10-2018 - 21:48 10-12-2006 - 02:28
CVE-2006-6481 5.0
Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006
08-03-2011 - 02:46 12-12-2006 - 01:28
CVE-2006-2427 7.2
freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displa
18-10-2018 - 16:39 17-05-2006 - 10:06
CVE-2007-1997 7.5
Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which
29-07-2017 - 01:31 16-04-2007 - 21:19
CVE-2007-3023 10.0
unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.
31-10-2012 - 02:37 07-06-2007 - 21:30
CVE-2007-3024 2.1
libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.
05-09-2008 - 21:24 07-06-2007 - 22:30
CVE-2007-3025 5.0
Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular ex
05-09-2008 - 21:24 07-06-2007 - 22:30
CVE-2007-3122 5.0
The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.
29-07-2017 - 01:31 07-06-2007 - 21:30
CVE-2007-3123 5.0
unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.
29-07-2017 - 01:31 07-06-2007 - 21:30
CVE-2008-1387 4.3
ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
11-10-2018 - 20:33 16-04-2008 - 16:05
CVE-2008-1836 4.3
The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.
08-08-2017 - 01:30 16-04-2008 - 16:05
CVE-2005-1711 7.5
Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected.
05-09-2008 - 20:49 24-05-2005 - 04:00
CVE-2005-3229 5.1
Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened
18-10-2016 - 03:33 14-10-2005 - 10:02
CVE-2007-6029 7.5
Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does no
05-09-2008 - 21:32 20-11-2007 - 02:46
CVE-2007-6337 10.0
Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors.
08-03-2011 - 03:02 31-12-2007 - 19:46
CVE-2008-0314 7.5
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.
08-08-2017 - 01:29 16-04-2008 - 15:05
CVE-2008-1100 10.0
Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file.
08-08-2017 - 01:29 14-04-2008 - 16:05
CVE-2008-1833 7.5
Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary.
08-08-2017 - 01:30 16-04-2008 - 15:05
CVE-2007-6595 2.1
ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled.
15-10-2018 - 21:55 31-12-2007 - 19:46
CVE-2007-6596 5.0
ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file.
15-10-2018 - 21:55 31-12-2007 - 19:46
Back to Top Mark selected
Back to Top