Vulnerabilities > Clamav > Clamav > High

DATE CVE VULNERABILITY TITLE RISK
2024-09-04 CVE-2024-20505 Out-of-bounds Read vulnerability in Clamav
A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out of bounds read.
network
low complexity
clamav CWE-125
7.5
2023-02-17 CVE-2022-20803 Double Free vulnerability in Clamav 0.104.0/0.104.1/0.104.2
A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free.
network
low complexity
clamav CWE-415
7.5
2022-08-10 CVE-2022-20792 Out-of-bounds Write vulnerability in Clamav
A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution.
local
low complexity
clamav CWE-787
7.8
2022-05-04 CVE-2022-20770 On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.
network
low complexity
clamav cisco fedoraproject debian
7.5
2022-05-04 CVE-2022-20771 On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.
network
low complexity
clamav cisco fedoraproject debian
7.5
2022-05-04 CVE-2022-20785 Memory Leak vulnerability in multiple products
On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.
network
low complexity
clamav cisco fedoraproject debian CWE-401
7.5
2022-01-14 CVE-2022-20698 Out-of-bounds Read vulnerability in multiple products
A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.
network
low complexity
clamav debian canonical CWE-125
7.5
2021-04-08 CVE-2021-1405 Missing Initialization of Resource vulnerability in multiple products
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.
network
low complexity
clamav debian CWE-909
7.5
2021-04-08 CVE-2021-1404 Out-of-bounds Read vulnerability in Clamav 0.103.0/0.103.1
A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.
network
low complexity
clamav CWE-125
7.5
2021-04-08 CVE-2021-1252 Infinite Loop vulnerability in Clamav 0.103.0/0.103.1
A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.
network
low complexity
clamav CWE-835
7.5