Vulnerabilities > Clamav
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2017-08-07 | CVE-2017-6420 | Use After Free vulnerability in Clamav 0.99.2 The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. | 4.3 |
| 2017-08-07 | CVE-2017-6419 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Libmspack Project Libmspack 0.5 mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. | 6.8 |
| 2017-08-07 | CVE-2017-6418 | Out-of-bounds Read vulnerability in Clamav 0.99.2 libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. | 4.3 |
| 2017-07-18 | CVE-2017-11423 | Out-of-bounds Read vulnerability in Libmspack Project Libmspack 0.5 The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. | 4.3 |
| 2016-10-03 | CVE-2016-1372 | Improper Access Control vulnerability in multiple products ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. | 4.3 |
| 2016-10-03 | CVE-2016-1371 | Improper Access Control vulnerability in multiple products ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. | 4.3 |
| 2016-06-08 | CVE-2016-1405 | Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503. | 5.0 |
| 2015-05-12 | CVE-2015-2668 | Resource Management Errors vulnerability in multiple products ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. | 5.0 |
| 2015-05-12 | CVE-2015-2222 | Resource Management Errors vulnerability in multiple products ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. | 5.0 |
| 2015-05-12 | CVE-2015-2221 | Resource Management Errors vulnerability in multiple products ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. | 5.0 |