Filtered by vendor Clamav
Subscribe
Total
93 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2012-1443 | 33 Ahnlab, Aladdin, Alwil and 30 more | 35 V3 Internet Security, Esafe, Avast Antivirus and 32 more | 2024-11-21 | 4.3 MEDIUM | N/A |
| The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations. | |||||
| CVE-2012-1419 | 2 Cat, Clamav | 2 Quick Heal, Clamav | 2024-11-21 | 4.3 MEDIUM | N/A |
| The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. | |||||
| CVE-2011-3627 | 1 Clamav | 1 Clamav | 2024-11-21 | 4.3 MEDIUM | N/A |
| The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c. | |||||
| CVE-2011-2721 | 1 Clamav | 1 Clamav | 2024-11-21 | 5.0 MEDIUM | N/A |
| Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations. | |||||
| CVE-2011-1003 | 1 Clamav | 1 Clamav | 2024-11-21 | 6.8 MEDIUM | N/A |
| Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4479 | 1 Clamav | 1 Clamav | 2024-11-21 | 7.5 HIGH | N/A |
| Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260. | |||||
| CVE-2010-4261 | 1 Clamav | 1 Clamav | 2024-11-21 | 7.5 HIGH | N/A |
| Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-4260 | 1 Clamav | 1 Clamav | 2024-11-21 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396." | |||||
| CVE-2010-3434 | 1 Clamav | 1 Clamav | 2024-11-21 | 9.3 HIGH | N/A |
| Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-1640 | 1 Clamav | 1 Clamav | 2024-11-21 | 4.3 MEDIUM | N/A |
| Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling. | |||||
| CVE-2010-1639 | 1 Clamav | 1 Clamav | 2024-11-21 | 4.3 MEDIUM | N/A |
| The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length. | |||||
| CVE-2010-1311 | 2 Clamav, Clamavs | 2 Clamav, Clamav | 2024-11-21 | 5.0 MEDIUM | N/A |
| The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information. | |||||
| CVE-2010-0098 | 2 Clamav, Clamavs | 2 Clamav, Clamav | 2024-11-21 | 10.0 HIGH | N/A |
| ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities. | |||||
| CVE-2009-1372 | 1 Clamav | 1 Clamav | 2024-11-21 | 10.0 HIGH | N/A |
| Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL. | |||||
| CVE-2009-1371 | 1 Clamav | 1 Clamav | 2024-11-21 | 5.0 MEDIUM | N/A |
| The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding. | |||||
| CVE-2009-1270 | 3 Canonical, Clamav, Debian | 3 Ubuntu Linux, Clamav, Debian Linux | 2024-11-21 | 7.8 HIGH | N/A |
| libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang. | |||||
| CVE-2009-1241 | 1 Clamav | 1 Clamav | 2024-11-21 | 7.5 HIGH | N/A |
| Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive. | |||||
| CVE-2008-6845 | 1 Clamav | 1 Clamav | 2024-11-21 | 5.0 MEDIUM | N/A |
| The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file. | |||||
| CVE-2008-6680 | 1 Clamav | 1 Clamav | 2024-11-21 | 5.0 MEDIUM | N/A |
| libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error. | |||||
| CVE-2008-5525 | 2 Clamav, Microsoft | 2 Clamav, Internet Explorer | 2024-11-21 | 9.3 HIGH | N/A |
| ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | |||||