Search Results (Refine Search)
- CPE Product Version: cpe:/a:clamav:clamav:0.94.1
Vuln ID | Summary | CVSS Severity |
---|---|---|
CVE-2014-9050 |
Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file. Published: December 01, 2014; 10:59:10 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2013-6497 |
clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. Published: December 01, 2014; 10:59:00 AM -0500 |
V3.x:(not available) V2.0: 2.1 LOW |
CVE-2013-2020 |
Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read. Published: May 13, 2013; 7:55:02 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-3627 |
The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c. Published: November 17, 2011; 2:55:01 PM -0500 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2011-2721 |
Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations. Published: August 05, 2011; 5:55:08 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2011-1003 |
Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information. Published: February 23, 2011; 2:00:02 PM -0500 |
V3.x:(not available) V2.0: 6.8 MEDIUM |
CVE-2010-4479 |
Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260. Published: December 07, 2010; 8:53:30 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2010-4261 |
Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information. Published: December 07, 2010; 8:53:29 AM -0500 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2010-4260 |
Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396." Published: December 07, 2010; 8:53:29 AM -0500 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2010-3434 |
Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from third party information. Published: September 30, 2010; 11:00:04 AM -0400 |
V3.x:(not available) V2.0: 9.3 HIGH |
CVE-2010-1639 |
The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length. Published: May 26, 2010; 2:30:01 PM -0400 |
V3.x:(not available) V2.0: 4.3 MEDIUM |
CVE-2010-1311 |
The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information. Published: April 08, 2010; 1:30:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2010-0098 |
ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities. Published: April 08, 2010; 1:30:00 PM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2009-1372 |
Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL. Published: April 23, 2009; 11:30:00 AM -0400 |
V3.x:(not available) V2.0: 10.0 HIGH |
CVE-2009-1371 |
The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding. Published: April 23, 2009; 11:30:00 AM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-1270 |
libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang. Published: April 08, 2009; 12:30:00 PM -0400 |
V3.x:(not available) V2.0: 7.8 HIGH |
CVE-2008-6680 |
libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error. Published: April 08, 2009; 12:30:00 PM -0400 |
V3.x:(not available) V2.0: 5.0 MEDIUM |
CVE-2009-1241 |
Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive. Published: April 03, 2009; 2:30:00 PM -0400 |
V3.x:(not available) V2.0: 7.5 HIGH |
CVE-2008-5525 |
ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. Published: December 12, 2008; 1:30:02 PM -0500 |
V3.x:(not available) V2.0: 9.3 HIGH |