U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • CPE Product Version: cpe:/a:clamav:clamav:0.80:rc1
There are 9 matching records.
Displaying matches 1 through 9.
Vuln ID Summary CVSS Severity
CVE-2014-9050

Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file.

Published: December 01, 2014; 10:59:10 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-2721

Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations.

Published: August 05, 2011; 5:55:08 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-1003

Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information.

Published: February 23, 2011; 2:00:02 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-4479

Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260.

Published: December 07, 2010; 8:53:30 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-4261

Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.

Published: December 07, 2010; 8:53:29 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2010-4260

Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396."

Published: December 07, 2010; 8:53:29 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2008-0728

The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption."

Published: February 12, 2008; 3:00:00 PM -0500
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2006-1615

Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly.

Published: April 06, 2006; 6:04:00 PM -0400
V3.x:(not available)
V2.0: 10.0 HIGH
CVE-2005-3501

The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length.

Published: November 05, 2005; 6:02:00 AM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM