The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file.
Max CVSS
4.3
EPSS Score
1.38%
Published
2007-05-14
Updated
2020-11-09
unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.
Max CVSS
10.0
EPSS Score
1.77%
Published
2007-06-07
Updated
2012-10-31
libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2007-06-07
Updated
2008-09-05
The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.
Max CVSS
5.0
EPSS Score
2.05%
Published
2007-06-07
Updated
2017-07-29
unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.
Max CVSS
5.0
EPSS Score
14.62%
Published
2007-06-07
Updated
2017-07-29
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.
Max CVSS
7.5
EPSS Score
20.88%
Published
2008-04-16
Updated
2017-08-08
libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."
Max CVSS
5.0
EPSS Score
11.17%
Published
2008-09-04
Updated
2011-03-08
Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary.
Max CVSS
7.5
EPSS Score
8.26%
Published
2008-04-16
Updated
2017-08-08
libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition.
Max CVSS
5.0
EPSS Score
0.39%
Published
2008-09-11
Updated
2020-11-09
Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic".
Max CVSS
5.0
EPSS Score
0.67%
Published
2008-09-11
Updated
2020-11-10
Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c.
Max CVSS
10.0
EPSS Score
0.61%
Published
2008-09-11
Updated
2020-11-05
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!