U.S. flag   An official website of the United States government
Dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Https

Secure .gov websites use HTTPS
A lock (Dot gov) or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): cpe:2.3:a:clamav:clamav:0.95:rc1:*:*:*:*:*:*
  • CPE Name Search: true
There are 48 matching records.
Displaying matches 21 through 40.
Vuln ID Summary CVSS Severity
CVE-2017-12376

ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code.

Published: January 26, 2018; 3:29:00 PM -0500
V3.0: 7.8 HIGH
V2.0: 9.3 HIGH
CVE-2017-12375

The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device.

Published: January 26, 2018; 3:29:00 PM -0500
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2017-12374

The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition.

Published: January 26, 2018; 3:29:00 PM -0500
V3.0: 7.5 HIGH
V2.0: 7.8 HIGH
CVE-2016-1372

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file.

Published: October 03, 2016; 2:59:03 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1371

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable.

Published: October 03, 2016; 2:59:02 PM -0400
V3.0: 5.5 MEDIUM
V2.0: 4.3 MEDIUM
CVE-2016-1405

libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503.

Published: June 08, 2016; 10:59:12 AM -0400
V3.0: 7.5 HIGH
V2.0: 5.0 MEDIUM
CVE-2015-2668

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.

Published: May 12, 2015; 3:59:15 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-2222

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.

Published: May 12, 2015; 3:59:13 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-2221

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.

Published: May 12, 2015; 3:59:12 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-2170

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

Published: May 12, 2015; 3:59:09 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-1463

ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."

Published: February 03, 2015; 11:59:34 AM -0500
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2015-1462

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."

Published: February 03, 2015; 11:59:34 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2015-1461

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."

Published: February 03, 2015; 11:59:33 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2014-9328

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."

Published: February 03, 2015; 11:59:02 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH
CVE-2013-6497

clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.

Published: December 01, 2014; 10:59:00 AM -0500
V3.x:(not available)
V2.0: 2.1 LOW
CVE-2013-2020

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.

Published: May 13, 2013; 7:55:02 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-3627

The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c.

Published: November 17, 2011; 2:55:01 PM -0500
V3.x:(not available)
V2.0: 4.3 MEDIUM
CVE-2011-2721

Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations.

Published: August 05, 2011; 5:55:08 PM -0400
V3.x:(not available)
V2.0: 5.0 MEDIUM
CVE-2011-1003

Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information.

Published: February 23, 2011; 2:00:02 PM -0500
V3.x:(not available)
V2.0: 6.8 MEDIUM
CVE-2010-4479

Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260.

Published: December 07, 2010; 8:53:30 AM -0500
V3.x:(not available)
V2.0: 7.5 HIGH