Clamav

clamav

CVEs (60)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2007-4510 2Clam Anti Virus Kolab 2Clamav Kolab Server Apr 23, 2026 Aug 23, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereferenc...Show more ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.Show less
CVE-2007-3725 1Clam Anti Virus 1Clamav Apr 23, 2026 Jul 12, 2007 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.
CVE-2007-3025 1Clam Anti Virus 1Clamav Apr 23, 2026 Jun 7, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the...Show more Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions.Show less
CVE-2007-3024 1Clam Anti Virus 1Clamav Apr 23, 2026 Jun 7, 2007 N/A· v4 N/A· v3 2.1 LOW· v2 libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to rea...Show more libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.Show less
CVE-2007-3123 1Clam Anti Virus 1Clamav Apr 23, 2026 Jun 7, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based...Show more unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.Show less
CVE-2007-3122 1Clam Anti Virus 1Clamav Apr 23, 2026 Jun 7, 2007 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.
CVE-2007-3023 1Clam Anti Virus 1Clamav Apr 23, 2026 Jun 7, 2007 N/A· v4 N/A· v3 10.0 HIGH· v2 unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.
CVE-2007-2029 1Clam Anti Virus 1Clamav Apr 23, 2026 Apr 30, 2007 N/A· v4 N/A· v3 7.8 HIGH· v2 File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.
CVE-2007-1997 1Clam Anti Virus 1Clamav Apr 23, 2026 Apr 16, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that conta...Show more Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.Show less
CVE-2007-1745 2Clam Anti Virus Ifenslave 2Clamav Ifenslave Apr 23, 2026 Apr 16, 2007 N/A· v4 N/A· v3 7.1 HIGH· v2 The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerabi...Show more The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.Show less
CVE-2007-0898 1Clam Anti Virus 1Clamav Apr 23, 2026 Feb 16, 2007 N/A· v4 N/A· v3 6.4 MEDIUM· v2 Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.
CVE-2006-6481 1Clam Anti Virus 1Clamav Apr 23, 2026 Dec 12, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability t...Show more Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406.Show less
CVE-2006-6406 1Clam Anti Virus 1Clamav Apr 23, 2026 Dec 10, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.
CVE-2006-5874 1Clam Anti Virus 1Clamav Apr 23, 2026 Dec 10, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference.
CVE-2006-5295 1Clam Anti Virus 1Clamav Apr 23, 2026 Oct 16, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory...Show more Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location."Show less
CVE-2006-4182 1Clam Anti Virus 1Clamav Apr 23, 2026 Oct 16, 2006 N/A· v4 N/A· v3 7.5 HIGH· v2 Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (...Show more Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected.Show less
CVE-2006-2427 1Clam Anti Virus 2Clamav Clamxav Apr 16, 2026 May 17, 2006 N/A· v4 N/A· v3 7.2 HIGH· v2 freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary file...Show more freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file.Show less
CVE-2006-1989 1Clam Anti Virus 1Clamav Apr 16, 2026 May 1, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.
CVE-2006-1630 1Clam Anti Virus 1Clamav Apr 16, 2026 Apr 6, 2006 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access."
CVE-2006-1614 1Clam Anti Virus 1Clamav Apr 16, 2026 Apr 6, 2006 N/A· v4 N/A· v3 5.1 MEDIUM· v2 Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and...Show more Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code.Show less

Previous 123 Next