Vulnerabilities > Clamav
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2008-12-12 | CVE-2008-5525 | Improper Input Validation vulnerability in Clamav 0.93.1/0.94.1 ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. | 9.3 |
| 2008-09-11 | CVE-2008-3914 | Information Exposure vulnerability in Clamav Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c. | 10.0 |
| 2008-09-11 | CVE-2008-3913 | Memory Leak vulnerability in multiple products Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to "error handling logic". | 5.0 |
| 2008-09-11 | CVE-2008-3912 | Resource Management Errors vulnerability in multiple products libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition. | 5.0 |
| 2008-02-12 | CVE-2008-0728 | Resource Management Errors vulnerability in Clamav The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption." | 10.0 |
| 2007-05-14 | CVE-2007-2650 | Resource Exhaustion vulnerability in multiple products The OLE2 parser in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service (resource consumption) via an OLE2 file with (1) a large property size or (2) a loop in the FAT file block chain that triggers an infinite loop, as demonstrated via a crafted DOC file. | 4.3 |
| 2007-02-16 | CVE-2007-0897 | Missing Release of Resource after Effective Lifetime vulnerability in multiple products Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor. | 7.5 |
| 2006-08-08 | CVE-2006-4018 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Clamav Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 through 0.88.3 allows remote attackers to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values. | 7.5 |
| 2006-04-06 | CVE-2006-1615 | USE of Externally-Controlled Format String vulnerability in Clamav Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. | 10.0 |
| 2005-11-05 | CVE-2005-3501 | Resource Management Errors vulnerability in Clamav The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length. | 4.3 |