Vulnerabilities > Clamav > Critical

DATE CVE VULNERABILITY TITLE RISK
2023-03-01 CVE-2023-20032 Out-of-bounds Write vulnerability in multiple products
On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write.
network | low complexity | cisco clamav stormshield CWE-787 | critical | 9.8

2018-01-26 CVE-2017-12379 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device.
network | low complexity | debian clamav CWE-119 | critical | 10.0

2018-01-26 CVE-2017-12377 Out-of-bounds Read vulnerability in multiple products
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device.
network | low complexity | debian clamav CWE-125 | critical | 10.0

2018-01-26 CVE-2017-12376 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in multiple products
ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device.
network | debian clamav CWE-119 | critical | 9.3

2009-04-23 CVE-2009-1372 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in Clamav
Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL.
network | low complexity | clamav CWE-119 | critical | 10.0

2008-12-12 CVE-2008-5525 Improper Input Validation vulnerability in Clamav 0.93.1/0.94.1
ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit.
network | clamav microsoft CWE-20 | critical | 9.3

2008-09-11 CVE-2008-3914 Information Exposure vulnerability in Clamav
Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the "error path" in (1) libclamav/others.c and (2) libclamav/sis.c.
network | low complexity | clamav CWE-200 | critical | 10.0

2008-02-12 CVE-2008-0728 Resource Management Errors vulnerability in Clamav
The unmew11 function in libclamav/mew.c in libclamav in ClamAV before 0.92.1 has unknown impact and attack vectors that trigger "heap corruption."
network | low complexity | clamav CWE-399 | critical | 10.0

2006-04-06 CVE-2006-1615 Use of Externally-Controlled Format String vulnerability in Clamav
Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code.
network | low complexity | clamav CWE-134 | critical | 10.0