Filtered by vendor Clamav Subscriptions
Total 93 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2008-3914 1 Clamav 1 Clamav 2024-11-21 N/A
Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c.
CVE-2008-3913 2 Clamav, Debian 2 Clamav, Debian Linux 2024-11-21 N/A
Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic".
CVE-2008-3912 2 Clamav, Debian 2 Clamav, Debian Linux 2024-11-21 N/A
libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition.
CVE-2008-0728 1 Clamav 1 Clamav 2024-11-21 N/A
The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption."
CVE-2007-6745 2 Clamav, Debian 2 Clamav, Debian Linux 2024-11-21 9.8 Critical
clamav 0.91.2 suffers from a floating point exception when using ScanOLE2.
CVE-2007-2650 2 Clamav, Debian 2 Clamav, Debian Linux 2024-11-21 N/A
The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.
CVE-2007-0899 2 Clamav, Debian 2 Clamav, Debian Linux 2024-11-21 9.8 Critical
There is a possible heap overflow in libclamav/fsg.c before 0.100.0.
CVE-2007-0897 3 Apple, Clamav, Debian 3 Mac Os X Server, Clamav, Debian Linux 2024-11-21 7.5 High
Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.
CVE-2006-4018 1 Clamav 1 Clamav 2024-11-21 N/A
Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values.
CVE-2006-1615 1 Clamav 1 Clamav 2024-11-21 N/A
Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly.
CVE-2005-3501 1 Clamav 1 Clamav 2024-11-21 N/A
The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length.
CVE-2024-20505 1 Clamav 1 Clamav 2024-09-12 4 Medium
A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.
CVE-2024-20506 1 Clamav 1 Clamav 2024-09-12 6.1 Medium
A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files. The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.