Vulnerabilities > Clamav > Medium
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2018-07-16 | CVE-2018-0360 | Integer Overflow or Wraparound vulnerability in multiple products ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. | 5.5 |
| 2018-03-27 | CVE-2018-0202 | Out-of-bounds Read vulnerability in multiple products clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 5.5 |
| 2018-03-13 | CVE-2018-1000085 | Out-of-bounds Read vulnerability in multiple products ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. | 5.5 |
| 2018-01-26 | CVE-2017-12378 | Out-of-bounds Read vulnerability in multiple products ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. | 5.5 |
| 2017-08-07 | CVE-2017-6420 | Use After Free vulnerability in Clamav 0.99.2 The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. | 5.5 |
| 2017-08-07 | CVE-2017-6418 | Out-of-bounds Read vulnerability in Clamav 0.99.2 libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. | 5.5 |
| 2016-10-03 | CVE-2016-1372 | Improper Access Control vulnerability in multiple products ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. | 5.5 |
| 2016-10-03 | CVE-2016-1371 | Improper Access Control vulnerability in multiple products ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. | 5.5 |