Clam Anti-virus » Clamav » 0.90.3 p0 : Security Vulnerabilities, CVEs, (Overflow)
Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.
Max CVSS
9.3
EPSS Score
5.36%
Published
2008-11-13
Updated
2018-10-11
Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.
Max CVSS
10.0
EPSS Score
53.22%
Published
2008-02-12
Updated
2011-03-07
Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.
Max CVSS
6.8
EPSS Score
17.51%
Published
2007-12-20
Updated
2017-08-08
Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.
Max CVSS
7.5
EPSS Score
24.62%
Published
2007-12-20
Updated
2017-09-29
4 vulnerabilities found