MidnightBSD

Advisories for clamav

CVE-2005-3501 MEDIUM

The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
clamav clamav *
clamav clamav 0.60p
clamav clamav 0.10
clamav clamav 0.51
clamav clamav 0.83
clamav clamav 0.85.1
clamav clamav 0.67-1
clamav clamav 0.54
clamav clamav 0.66
clamav clamav 0.67
clamav clamav 0.74
clamav clamav 0.82
clamav clamav 0.86.2
clamav clamav 0.13
clamav clamav 0.14
clamav clamav 0.20
clamav clamav 0.01
clamav clamav 0.05
clamav clamav 0.02
clamav clamav 0.80_rc
clamav clamav 0.21
clamav clamav 0.73
clamav clamav 0.15
clamav clamav 0.86
clamav clamav 0.3
clamav clamav 0.71
clamav clamav 0.70
clamav clamav 0.60
clamav clamav 0.72
clamav clamav 0.22
clamav clamav 0.8
clamav clamav 0.03
clamav clamav 0.52
clamav clamav 0.68
clamav clamav 0.75.1
clamav clamav 0.65
clamav clamav 0.81
clamav clamav 0.84
clamav clamav 0.24
clamav clamav 0.80
clamav clamav 0.68.1
clamav clamav 0.53
clamav clamav 0.86.1
clamav clamav 0.12
clamav clamav 0.23
clamav clamav 0.85
clamav clamav 0.75
CVE-2006-1615 HIGH

Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,

Products Affected

Vendor Product Version
clamav clamav *
clamav clamav 0.51
clamav clamav 0.85.1
clamav clamav 0.54
clamav clamav 0.67
clamav clamav 0.74
clamav clamav 0.86.2
clamav clamav 0.13
clamav clamav 0.20
clamav clamav 0.01
clamav clamav 0.05
clamav clamav 0.60
clamav clamav 0.72
clamav clamav 0.87
clamav clamav 0.87.1
clamav clamav 0.03
clamav clamav 0.68
clamav clamav 0.24
clamav clamav 0.53
clamav clamav 0.12
clamav clamav 0.23
clamav clamav 0.75
clamav clamav 0.60p
clamav clamav 0.10
clamav clamav 0.83
clamav clamav 0.67-1
clamav clamav 0.66
clamav clamav 0.82
clamav clamav 0.14
clamav clamav 0.02
clamav clamav 0.21
clamav clamav 0.73
clamav clamav 0.15
clamav clamav 0.86
clamav clamav 0.3
clamav clamav 0.71
clamav clamav 0.70
clamav clamav 0.22
clamav clamav 0.8
clamav clamav 0.52
clamav clamav 0.75.1
clamav clamav 0.65
clamav clamav 0.81
clamav clamav 0.84
clamav clamav 0.80
clamav clamav 0.68.1
clamav clamav 0.86.1
clamav clamav 0.85
CVE-2007-0897 MEDIUM

Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772,

Products Affected

Vendor Product Version
clamav clamav *
apple mac_os_x_server *
debian debian_linux 3.1
CVE-2010-0098 HIGH

ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
clamav clamav *
clamav clamav 0.51
clamav clamav 0.85.1
clamav clamav 0.93.2
clamav clamav 0.54
clamav clamav 0.67
clamav clamav 0.90.2
clamav clamav 0.74
clamav clamav 0.86.2
clamav clamav 0.88
clamav clamav 0.13
clamav clamav 0.95.3
clamav clamav 0.20
clamav clamav 0.01
clamav clamav 0.05
clamav clamav 0.9
clamav clamav 0.88.2
clamav clamav 0.95.2
clamav clamav 0.88.6
clamav clamav 0.91
clamav clamav 0.95
clamav clamav 0.88.3
clamav clamav 0.60
clamav clamav 0.72
clamav clamav 0.87
clamav clamav 0.87.1
clamav clamav 0.88.5
clamav clamav 0.03
clamav clamav 0.68
clamav clamav 0.24
clamav clamav 0.90.1
clamav clamav 0.92
clamav clamav 0.53
clamav clamav 0.12
clamav clamav 0.23
clamav clamav 0.94
clamav clamav 0.75
clamav clamav 0.60p
clamav clamav 0.10
clamav clamav 0.83
clamav clamav 0.90
clamav clamav 0.91.2
clamav clamav 0.67-1
clamav clamav 0.95.1
clamav clamav 0.66
clamav clamav 0.82
clamav clamav 0.88.4
clamav clamav 0.92.1
clamav clamav 0.14
clamav clamav 0.93.1
clamavs clamav 0.04
clamav clamav 0.96
clamav clamav 0.02
clamav clamav 0.21
clamav clamav 0.88.1
clamav clamav 0.73
clamav clamav 0.15
clamav clamav 0.86
clamav clamav 0.94.2
clamav clamav 0.3
clamav clamav 0.71
clamav clamav 0.70
clamav clamav 0.93.3
clamav clamav 0.22
clamav clamav 0.52
clamav clamav 0.94.1
clamav clamav 0.93
clamav clamav 0.90.3
clamav clamav 0.75.1
clamav clamav 0.65
clamav clamav 0.81
clamav clamav 0.84
clamav clamav 0.80
clamav clamav 0.88.7
clamav clamav 0.68.1
clamav clamav 0.86.1
clamavs clamav 0.06
clamav clamav 0.85
clamav clamav 0.91.1
CVE-2010-1311 MEDIUM

The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
clamav clamav *
clamav clamav 0.51
clamav clamav 0.85.1
clamav clamav 0.93.2
clamav clamav 0.54
clamav clamav 0.67
clamav clamav 0.90.2
clamav clamav 0.74
clamav clamav 0.86.2
clamav clamav 0.88
clamav clamav 0.13
clamav clamav 0.95.3
clamav clamav 0.20
clamav clamav 0.01
clamav clamav 0.05
clamav clamav 0.9
clamav clamav 0.88.2
clamav clamav 0.95.2
clamav clamav 0.88.6
clamav clamav 0.91
clamav clamav 0.95
clamav clamav 0.88.3
clamav clamav 0.60
clamav clamav 0.72
clamav clamav 0.87
clamav clamav 0.87.1
clamav clamav 0.88.5
clamav clamav 0.03
clamav clamav 0.68
clamav clamav 0.24
clamav clamav 0.90.1
clamav clamav 0.92
clamav clamav 0.53
clamav clamav 0.12
clamav clamav 0.23
clamav clamav 0.94
clamav clamav 0.75
clamav clamav 0.60p
clamav clamav 0.10
clamav clamav 0.83
clamav clamav 0.90
clamav clamav 0.91.2
clamav clamav 0.67-1
clamav clamav 0.95.1
clamav clamav 0.66
clamav clamav 0.82
clamav clamav 0.88.4
clamav clamav 0.92.1
clamav clamav 0.14
clamav clamav 0.93.1
clamavs clamav 0.04
clamav clamav 0.96
clamav clamav 0.02
clamav clamav 0.21
clamav clamav 0.88.1
clamav clamav 0.73
clamav clamav 0.15
clamav clamav 0.86
clamav clamav 0.94.2
clamav clamav 0.3
clamav clamav 0.71
clamav clamav 0.70
clamav clamav 0.93.3
clamav clamav 0.22
clamav clamav 0.52
clamav clamav 0.94.1
clamav clamav 0.93
clamav clamav 0.90.3
clamav clamav 0.75.1
clamav clamav 0.65
clamav clamav 0.81
clamav clamav 0.84
clamav clamav 0.80
clamav clamav 0.88.7
clamav clamav 0.68.1
clamav clamav 0.86.1
clamavs clamav 0.06
clamav clamav 0.85
clamav clamav 0.91.1
CVE-2010-1639 MEDIUM

The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
clamav clamav *
clamav clamav 0.51
clamav clamav 0.85.1
clamav clamav 0.93.2
clamav clamav 0.54
clamav clamav 0.67
clamav clamav 0.90.2
clamav clamav 0.74
clamav clamav 0.86.2
clamav clamav 0.88
clamav clamav 0.13
clamav clamav 0.95.3
clamav clamav 0.20
clamav clamav 0.01
clamav clamav 0.05
clamav clamav 0.9
clamav clamav 0.88.2
clamav clamav 0.95.2
clamav clamav 0.88.6
clamav clamav 0.91
clamav clamav 0.95
clamav clamav 0.88.3
clamav clamav 0.60
clamav clamav 0.72
clamav clamav 0.87
clamav clamav 0.87.1
clamav clamav 0.88.5
clamav clamav 0.03
clamav clamav 0.68
clamav clamav 0.24
clamav clamav 0.90.1
clamav clamav 0.92
clamav clamav 0.53
clamav clamav 0.12
clamav clamav 0.23
clamav clamav 0.94
clamav clamav 0.75
clamav clamav 0.60p
clamav clamav 0.10
clamav clamav 0.83
clamav clamav 0.90
clamav clamav 0.91.2
clamav clamav 0.67-1
clamav clamav 0.95.1
clamav clamav 0.66
clamav clamav 0.82
clamav clamav 0.88.4
clamav clamav 0.92.1
clamav clamav 0.14
clamav clamav 0.93.1
clamav clamav 0.96
clamav clamav 0.02
clamav clamav 0.21
clamav clamav 0.88.1
clamav clamav 0.73
clamav clamav 0.15
clamav clamav 0.86
clamav clamav 0.94.2
clamav clamav 0.3
clamav clamav 0.71
clamav clamav 0.70
clamav clamav 0.93.3
clamav clamav 0.22
clamav clamav 0.52
clamav clamav 0.94.1
clamav clamav 0.93
clamav clamav 0.75.1
clamav clamav 0.65
clamav clamav 0.81
clamav clamav 0.84
clamav clamav 0.80
clamav clamav 0.88.7
clamav clamav 0.68.1
clamav clamav 0.86.1
clamav clamav 0.85
clamav clamav 0.91.1
CVE-2010-1640 MEDIUM

Off-by-one error in the parseicon function in libclamav/pe_icons.c in ClamAV 0.96 allows remote attackers to cause a denial of service (crash) via a crafted PE icon that triggers an out-of-bounds read, related to improper rounding during scaling.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
clamav clamav 0.96
CVE-2010-3434 HIGH

Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV before 0.96.3 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
clamav clamav *
clamav clamav 0.51
clamav clamav 0.85.1
clamav clamav 0.93.2
clamav clamav 0.54
clamav clamav 0.67
clamav clamav 0.90.2
clamav clamav 0.74
clamav clamav 0.86.2
clamav clamav 0.88
clamav clamav 0.13
clamav clamav 0.95.3
clamav clamav 0.20
clamav clamav 0.01
clamav clamav 0.05
clamav clamav 0.90.3_p1
clamav clamav 0.9
clamav clamav 0.88.2
clamav clamav 0.95.2
clamav clamav 0.88.6
clamav clamav 0.91
clamav clamav 0.95
clamav clamav 0.88.3
clamav clamav 0.91.2_p0
clamav clamav 0.60
clamav clamav 0.72
clamav clamav 0.87
clamav clamav 0.87.1
clamav clamav 0.88.5
clamav clamav 0.03
clamav clamav 0.68
clamav clamav 0.90.3_p0
clamav clamav 0.24
clamav clamav 0.90.1
clamav clamav 0.92
clamav clamav 0.53
clamav clamav 0.12
clamav clamav 0.23
clamav clamav 0.94
clamav clamav 0.75
clamav clamav 0.60p
clamav clamav 0.10
clamav clamav 0.83
clamav clamav 0.90
clamav clamav 0.91.2
clamav clamav 0.67-1
clamav clamav 0.95.1
clamav clamav 0.66
clamav clamav 0.82
clamav clamav 0.92_p0
clamav clamav 0.88.4
clamav clamav 0.92.1
clamav clamav 0.14
clamav clamav 0.93.1
clamav clamav 0.96
clamav clamav 0.02
clamav clamav 0.21
clamav clamav 0.88.1
clamav clamav 0.73
clamav clamav 0.15
clamav clamav 0.86
clamav clamav 0.94.2
clamav clamav 0.3
clamav clamav 0.71
clamav clamav 0.70
clamav clamav 0.93.3
clamav clamav 0.22
clamav clamav 0.52
clamav clamav 0.94.1
clamav clamav 0.93
clamav clamav 0.90.3
clamav clamav 0.96.1
clamav clamav 0.75.1
clamav clamav 0.65
clamav clamav 0.81
clamav clamav 0.84
clamav clamav 0.80
clamav clamav 0.88.7
clamav clamav 0.68.1
clamav clamav 0.86.1
clamav clamav 0.85
clamav clamav 0.91.1
CVE-2010-4260 MEDIUM

Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396."

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
clamav clamav *
clamav clamav 0.51
clamav clamav 0.85.1
clamav clamav 0.93.2
clamav clamav 0.54
clamav clamav 0.67
clamav clamav 0.90.2
clamav clamav 0.74
clamav clamav 0.86.2
clamav clamav 0.88
clamav clamav 0.96.3
clamav clamav 0.13
clamav clamav 0.95.3
clamav clamav 0.20
clamav clamav 0.01
clamav clamav 0.05
clamav clamav 0.90.3_p1
clamav clamav 0.9
clamav clamav 0.88.2
clamav clamav 0.95.2
clamav clamav 0.88.6
clamav clamav 0.91
clamav clamav 0.95
clamav clamav 0.88.7_p1
clamav clamav 0.88.3
clamav clamav 0.90.1_p0
clamav clamav 0.91.2_p0
clamav clamav 0.60
clamav clamav 0.72
clamav clamav 0.87
clamav clamav 0.87.1
clamav clamav 0.88.5
clamav clamav 0.03
clamav clamav 0.68
clamav clamav 0.90.3_p0
clamav clamav 0.24
clamav clamav 0.90.1
clamav clamav 0.92
clamav clamav 0.53
clamav clamav 0.12
clamav clamav 0.23
clamav clamav 0.94
clamav clamav 0.75
clamav clamav 0.60p
clamav clamav 0.10
clamav clamav 0.83
clamav clamav 0.90
clamav clamav 0.91.2
clamav clamav 0.67-1
clamav clamav 0.95.1
clamav clamav 0.66
clamav clamav 0.82
clamav clamav 0.92_p0
clamav clamav 0.88.4
clamav clamav 0.92.1
clamav clamav 0.96.2
clamav clamav 0.14
clamav clamav 0.93.1
clamav clamav 0.96
clamav clamav 0.02
clamav clamav 0.80_rc
clamav clamav 0.21
clamav clamav 0.88.1
clamav clamav 0.73
clamav clamav 0.15
clamav clamav 0.86
clamav clamav 0.94.2
clamav clamav 0.3
clamav clamav 0.71
clamav clamav 0.70
clamav clamav 0.93.3
clamav clamav 0.22
clamav clamav 0.8
clamav clamav 0.88.7_p0
clamav clamav 0.52
clamav clamav 0.94.1
clamav clamav 0.93
clamav clamav 0.90.2_p0
clamav clamav 0.90.3
clamav clamav 0.96.1
clamav clamav 0.75.1
clamav clamav 0.65
clamav clamav 0.81
clamav clamav 0.84
clamav clamav 0.80
clamav clamav 0.88.7
clamav clamav 0.68.1
clamav clamav 0.86.1
clamav clamav 0.85
clamav clamav 0.91.1
CVE-2010-4261 HIGH

Off-by-one error in the icon_cb function in pe_icons.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute arbitrary code via unspecified vectors. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-189,

Products Affected

Vendor Product Version
clamav clamav *
clamav clamav 0.51
clamav clamav 0.85.1
clamav clamav 0.93.2
clamav clamav 0.54
clamav clamav 0.67
clamav clamav 0.90.2
clamav clamav 0.74
clamav clamav 0.86.2
clamav clamav 0.88
clamav clamav 0.96.3
clamav clamav 0.13
clamav clamav 0.95.3
clamav clamav 0.20
clamav clamav 0.01
clamav clamav 0.05
clamav clamav 0.90.3_p1
clamav clamav 0.9
clamav clamav 0.88.2
clamav clamav 0.95.2
clamav clamav 0.88.6
clamav clamav 0.91
clamav clamav 0.95
clamav clamav 0.88.7_p1
clamav clamav 0.88.3
clamav clamav 0.90.1_p0
clamav clamav 0.91.2_p0
clamav clamav 0.60
clamav clamav 0.72
clamav clamav 0.87
clamav clamav 0.87.1
clamav clamav 0.88.5
clamav clamav 0.03
clamav clamav 0.68
clamav clamav 0.90.3_p0
clamav clamav 0.24
clamav clamav 0.90.1
clamav clamav 0.92
clamav clamav 0.53
clamav clamav 0.12
clamav clamav 0.23
clamav clamav 0.94
clamav clamav 0.75
clamav clamav 0.60p
clamav clamav 0.10
clamav clamav 0.83
clamav clamav 0.90
clamav clamav 0.91.2
clamav clamav 0.67-1
clamav clamav 0.95.1
clamav clamav 0.66
clamav clamav 0.82
clamav clamav 0.92_p0
clamav clamav 0.88.4
clamav clamav 0.92.1
clamav clamav 0.96.2
clamav clamav 0.14
clamav clamav 0.93.1
clamav clamav 0.96
clamav clamav 0.02
clamav clamav 0.80_rc
clamav clamav 0.21
clamav clamav 0.88.1
clamav clamav 0.73
clamav clamav 0.15
clamav clamav 0.86
clamav clamav 0.94.2
clamav clamav 0.3
clamav clamav 0.71
clamav clamav 0.70
clamav clamav 0.93.3
clamav clamav 0.22
clamav clamav 0.8
clamav clamav 0.88.7_p0
clamav clamav 0.52
clamav clamav 0.94.1
clamav clamav 0.93
clamav clamav 0.90.2_p0
clamav clamav 0.90.3
clamav clamav 0.96.1
clamav clamav 0.75.1
clamav clamav 0.65
clamav clamav 0.81
clamav clamav 0.84
clamav clamav 0.80
clamav clamav 0.88.7
clamav clamav 0.68.1
clamav clamav 0.86.1
clamav clamav 0.85
clamav clamav 0.91.1
CVE-2010-4479 HIGH

Unspecified vulnerability in pdf.c in libclamav in ClamAV before 0.96.5 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka "bb #2380," a different vulnerability than CVE-2010-4260.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
clamav clamav *
clamav clamav 0.51
clamav clamav 0.85.1
clamav clamav 0.93.2
clamav clamav 0.54
clamav clamav 0.67
clamav clamav 0.90.2
clamav clamav 0.74
clamav clamav 0.86.2
clamav clamav 0.88
clamav clamav 0.96.3
clamav clamav 0.13
clamav clamav 0.95.3
clamav clamav 0.20
clamav clamav 0.01
clamav clamav 0.05
clamav clamav 0.90.3_p1
clamav clamav 0.9
clamav clamav 0.88.2
clamav clamav 0.95.2
clamav clamav 0.88.6
clamav clamav 0.91
clamav clamav 0.95
clamav clamav 0.88.7_p1
clamav clamav 0.88.3
clamav clamav 0.90.1_p0
clamav clamav 0.91.2_p0
clamav clamav 0.60
clamav clamav 0.72
clamav clamav 0.87
clamav clamav 0.87.1
clamav clamav 0.88.5
clamav clamav 0.03
clamav clamav 0.68
clamav clamav 0.90.3_p0
clamav clamav 0.24
clamav clamav 0.90.1
clamav clamav 0.92
clamav clamav 0.53
clamav clamav 0.12
clamav clamav 0.23
clamav clamav 0.94
clamav clamav 0.75
clamav clamav 0.60p
clamav clamav 0.10
clamav clamav 0.83
clamav clamav 0.90
clamav clamav 0.91.2
clamav clamav 0.67-1
clamav clamav 0.95.1
clamav clamav 0.66
clamav clamav 0.82
clamav clamav 0.92_p0
clamav clamav 0.88.4
clamav clamav 0.92.1
clamav clamav 0.96.2
clamav clamav 0.14
clamav clamav 0.93.1
clamav clamav 0.96
clamav clamav 0.02
clamav clamav 0.80_rc
clamav clamav 0.21
clamav clamav 0.88.1
clamav clamav 0.73
clamav clamav 0.15
clamav clamav 0.86
clamav clamav 0.94.2
clamav clamav 0.3
clamav clamav 0.71
clamav clamav 0.70
clamav clamav 0.93.3
clamav clamav 0.22
clamav clamav 0.8
clamav clamav 0.88.7_p0
clamav clamav 0.52
clamav clamav 0.94.1
clamav clamav 0.93
clamav clamav 0.90.2_p0
clamav clamav 0.90.3
clamav clamav 0.96.1
clamav clamav 0.75.1
clamav clamav 0.65
clamav clamav 0.81
clamav clamav 0.84
clamav clamav 0.80
clamav clamav 0.88.7
clamav clamav 0.68.1
clamav clamav 0.86.1
clamav clamav 0.85
clamav clamav 0.91.1
CVE-2011-1003 MEDIUM

Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV before 0.97 might allow remote attackers to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of these details are obtained from third party information.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
clamav clamav *
clamav clamav 0.51
clamav clamav 0.85.1
clamav clamav 0.93.2
clamav clamav 0.54
clamav clamav 0.67
clamav clamav 0.90.2
clamav clamav 0.74
clamav clamav 0.86.2
clamav clamav 0.88
clamav clamav 0.96.3
clamav clamav 0.13
clamav clamav 0.95.3
clamav clamav 0.20
clamav clamav 0.01
clamav clamav 0.05
clamav clamav 0.90.3_p1
clamav clamav 0.9
clamav clamav 0.88.2
clamav clamav 0.95.2
clamav clamav 0.88.6
clamav clamav 0.91
clamav clamav 0.95
clamav clamav 0.88.7_p1
clamav clamav 0.88.3
clamav clamav 0.90.1_p0
clamav clamav 0.91.2_p0
clamav clamav 0.60
clamav clamav 0.72
clamav clamav 0.87
clamav clamav 0.87.1
clamav clamav 0.88.5
clamav clamav 0.03
clamav clamav 0.68
clamav clamav 0.90.3_p0
clamav clamav 0.24
clamav clamav 0.90.1
clamav clamav 0.92
clamav clamav 0.53
clamav clamav 0.12
clamav clamav 0.23
clamav clamav 0.94
clamav clamav 0.75
clamav clamav 0.60p
clamav clamav 0.10
clamav clamav 0.83
clamav clamav 0.90
clamav clamav 0.91.2
clamav clamav 0.67-1
clamav clamav 0.95.1
clamav clamav 0.66
clamav clamav 0.82
clamav clamav 0.92_p0
clamav clamav 0.88.4
clamav clamav 0.92.1
clamav clamav 0.96.2
clamav clamav 0.14
clamav clamav 0.93.1
clamav clamav 0.96
clamav clamav 0.02
clamav clamav 0.96.4
clamav clamav 0.80_rc
clamav clamav 0.21
clamav clamav 0.88.1
clamav clamav 0.73
clamav clamav 0.15
clamav clamav 0.86
clamav clamav 0.94.2
clamav clamav 0.3
clamav clamav 0.71
clamav clamav 0.70
clamav clamav 0.93.3
clamav clamav 0.22
clamav clamav 0.8
clamav clamav 0.88.7_p0
clamav clamav 0.52
clamav clamav 0.94.1
clamav clamav 0.93
clamav clamav 0.90.2_p0
clamav clamav 0.90.3
clamav clamav 0.96.1
clamav clamav 0.75.1
clamav clamav 0.65
clamav clamav 0.81
clamav clamav 0.84
clamav clamav 0.80
clamav clamav 0.88.7
clamav clamav 0.68.1
clamav clamav 0.86.1
clamav clamav 0.85
clamav clamav 0.91.1
CVE-2011-2721 MEDIUM

Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV before 0.97.2 allows remote attackers to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
clamav clamav *
clamav clamav 0.51
clamav clamav 0.85.1
clamav clamav 0.93.2
clamav clamav 0.54
clamav clamav 0.67
clamav clamav 0.90.2
clamav clamav 0.74
clamav clamav 0.86.2
clamav clamav 0.88
clamav clamav 0.96.3
clamav clamav 0.13
clamav clamav 0.95.3
clamav clamav 0.20
clamav clamav 0.01
clamav clamav 0.05
clamav clamav 0.90.3_p1
clamav clamav 0.9
clamav clamav 0.88.2
clamav clamav 0.95.2
clamav clamav 0.88.6
clamav clamav 0.91
clamav clamav 0.95
clamav clamav 0.88.7_p1
clamav clamav 0.88.3
clamav clamav 0.90.1_p0
clamav clamav 0.91.2_p0
clamav clamav 0.60
clamav clamav 0.72
clamav clamav 0.87
clamav clamav 0.87.1
clamav clamav 0.88.5
clamav clamav 0.03
clamav clamav 0.68
clamav clamav 0.90.3_p0
clamav clamav 0.24
clamav clamav 0.90.1
clamav clamav 0.92
clamav clamav 0.53
clamav clamav 0.12
clamav clamav 0.23
clamav clamav 0.94
clamav clamav 0.75
clamav clamav 0.60p
clamav clamav 0.10
clamav clamav 0.83
clamav clamav 0.90
clamav clamav 0.91.2
clamav clamav 0.97
clamav clamav 0.67-1
clamav clamav 0.95.1
clamav clamav 0.66
clamav clamav 0.82
clamav clamav 0.92_p0
clamav clamav 0.88.4
clamav clamav 0.92.1
clamav clamav 0.96.2
clamav clamav 0.14
clamav clamav 0.93.1
clamav clamav 0.96
clamav clamav 0.02
clamav clamav 0.96.4
clamav clamav 0.80_rc
clamav clamav 0.21
clamav clamav 0.88.1
clamav clamav 0.73
clamav clamav 0.15
clamav clamav 0.86
clamav clamav 0.94.2
clamav clamav 0.3
clamav clamav 0.71
clamav clamav 0.96.5
clamav clamav 0.70
clamav clamav 0.93.3
clamav clamav 0.22
clamav clamav 0.8
clamav clamav 0.88.7_p0
clamav clamav 0.52
clamav clamav 0.94.1
clamav clamav 0.93
clamav clamav 0.90.2_p0
clamav clamav 0.90.3
clamav clamav 0.96.1
clamav clamav 0.75.1
clamav clamav 0.65
clamav clamav 0.81
clamav clamav 0.84
clamav clamav 0.80
clamav clamav 0.88.7
clamav clamav 0.68.1
clamav clamav 0.86.1
clamav clamav 0.85
clamav clamav 0.91.1
CVE-2011-3627 MEDIUM

The bytecode engine in ClamAV before 0.97.3 allows remote attackers to cause a denial of service (crash) via vectors related to "recursion level" and (1) libclamav/bytecode.c and (2) libclamav/bytecode_api.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
clamav clamav *
clamav clamav 0.90
clamav clamav 0.91.2
clamav clamav 0.97
clamav clamav 0.93.2
clamav clamav 0.95.1
clamav clamav 0.90.2
clamav clamav 0.96.3
clamav clamav 0.92.1
clamav clamav 0.95.3
clamav clamav 0.96.2
clamav clamav 0.93.1
clamav clamav 0.9
clamav clamav 0.96
clamav clamav 0.96.4
clamav clamav 0.95.2
clamav clamav 0.91
clamav clamav 0.95
clamav clamav 0.94.2
clamav clamav 0.96.5
clamav clamav 0.93.3
clamav clamav 0.94.1
clamav clamav 0.93
clamav clamav 0.90.3
clamav clamav 0.96.1
clamav clamav 0.90.1
clamav clamav 0.92
clamav clamav 0.97.1
clamav clamav 0.91.1
clamav clamav 0.94
CVE-2012-1419 MEDIUM

The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
clamav clamav 0.96.4
cat quick_heal 11.00
CVE-2012-1443 MEDIUM

The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command Antivirus 5.2.11.5, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Emsisoft Anti-Malware 5.1.0.1, PC Tools AntiVirus 7.0.3.5, F-Prot Antivirus 4.6.2.117, VirusBuster 13.6.151.0, Fortinet Antivirus 4.2.254.0, Antiy Labs AVL SDK 2.0.3.7, K7 AntiVirus 9.77.3565, Trend Micro HouseCall 9.120.0.1004, Kaspersky Anti-Virus 7.0.0.125, Jiangmin Antivirus 13.0.900, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, Sophos Anti-Virus 4.61.0, NOD32 Antivirus 5795, Avira AntiVir 7.11.1.163, Norman Antivirus 6.06.12, McAfee Anti-Virus Scanning Engine 5.400.0.1158, Panda Antivirus 10.0.2.7, McAfee Gateway (formerly Webwasher) 2010.1C, Trend Micro AntiVirus 9.120.0.1004, Comodo Antivirus 7424, Bitdefender 7.2, eSafe 7.0.17.0, F-Secure Anti-Virus 9.0.16160.0, nProtect Anti-Virus 2011-01-17.01, AhnLab V3 Internet Security 2011.01.18.00, AVG Anti-Virus 10.0.0.1190, avast! Antivirus 4.8.1351.0 and 5.0.677.0, and VBA32 3.12.14.2 allows user-assisted remote attackers to bypass malware detection via a RAR file with an initial MZ character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different RAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
avg avg_anti-virus 10.0.0.1190
authentium command_antivirus 5.2.11.5
fortinet fortinet_antivirus 4.2.254.0
norman norman_antivirus_&_antispyware 6.06.12
anti-virus vba32 3.12.14.2
f-prot f-prot_antivirus 4.6.2.117
aladdin esafe 7.0.17.0
gdata-software g_data_antivirus 21
k7computing antivirus 9.77.3565
mcafee gateway 2010.1c
ahnlab v3_internet_security 2011.01.18.00
clamav clamav 0.96.4
trendmicro trend_micro_antivirus 9.120.0.1004
alwil avast_antivirus 5.0.677.0
eset nod32_antivirus 5795
rising-global rising_antivirus 22.83.00.03
trendmicro housecall 9.120.0.1004
mcafee scan_engine 5.400.0.1158
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
bitdefender bitdefender 7.2
microsoft security_essentials 2.0
emsisoft anti-malware 5.1.0.1
jiangmin jiangmin_antivirus 13.0.900
f-secure f-secure_anti-virus 9.0.16160.0
alwil avast_antivirus 4.8.1351.0
kaspersky kaspersky_anti-virus 7.0.0.125
antiy avl_sdk 2.0.3.7
nprotect nprotect_antivirus 2011-01-17.01
cat quick_heal 11.00
comodo comodo_antivirus 7424
pandasecurity panda_antivirus 10.0.2.7
pc_tools pc_tools_antivirus 7.0.3.5
symantec endpoint_protection 11.0
virusbuster virusbuster 13.6.151.0
sophos sophos_anti-virus 4.61.0
avira antivir 7.11.1.163
CVE-2012-1457 MEDIUM

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
avg avg_anti-virus 10.0.0.1190
authentium command_antivirus 5.2.11.5
norman norman_antivirus_&_antispyware 6.06.12
anti-virus vba32 3.12.14.2
f-prot f-prot_antivirus 4.6.2.117
aladdin esafe 7.0.17.0
gdata-software g_data_antivirus 21
k7computing antivirus 9.77.3565
mcafee gateway 2010.1c
clamav clamav 0.96.4
trendmicro trend_micro_antivirus 9.120.0.1004
alwil avast_antivirus 5.0.677.0
eset nod32_antivirus 5795
rising-global rising_antivirus 22.83.00.03
trendmicro housecall 9.120.0.1004
mcafee scan_engine 5.400.0.1158
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
bitdefender bitdefender 7.2
microsoft security_essentials 2.0
emsisoft anti-malware 5.1.0.1
jiangmin jiangmin_antivirus 13.0.900
alwil avast_antivirus 4.8.1351.0
kaspersky kaspersky_anti-virus 7.0.0.125
antiy avl_sdk 2.0.3.7
cat quick_heal 11.00
pc_tools pc_tools_antivirus 7.0.3.5
symantec endpoint_protection 11.0
virusbuster virusbuster 13.6.151.0
avira antivir 7.11.1.163
CVE-2012-1458 MEDIUM

The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CHM parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
clamav clamav 0.96.4
sophos sophos_anti-virus 4.61.0
CVE-2012-1459 MEDIUM

The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-264,

Products Affected

Vendor Product Version
avg avg_anti-virus 10.0.0.1190
authentium command_antivirus 5.2.11.5
fortinet fortinet_antivirus 4.2.254.0
norman norman_antivirus_&_antispyware 6.06.12
anti-virus vba32 3.12.14.2
f-prot f-prot_antivirus 4.6.2.117
gdata-software g_data_antivirus 21
k7computing antivirus 9.77.3565
mcafee gateway 2010.1c
ahnlab v3_internet_security 2011.01.18.00
clamav clamav 0.96.4
trendmicro trend_micro_antivirus 9.120.0.1004
alwil avast_antivirus 5.0.677.0
eset nod32_antivirus 5795
rising-global rising_antivirus 22.83.00.03
trendmicro housecall 9.120.0.1004
mcafee scan_engine 5.400.0.1158
ikarus ikarus_virus_utilities_t3_command_line_scanner 1.1.97.0
bitdefender bitdefender 7.2
microsoft security_essentials 2.0
emsisoft anti-malware 5.1.0.1
jiangmin jiangmin_antivirus 13.0.900
f-secure f-secure_anti-virus 9.0.16160.0
alwil avast_antivirus 4.8.1351.0
kaspersky kaspersky_anti-virus 7.0.0.125
antiy avl_sdk 2.0.3.7
nprotect nprotect_antivirus 2011-01-17.01
cat quick_heal 11.00
comodo comodo_antivirus 7424
pandasecurity panda_antivirus 10.0.2.7
pc_tools pc_tools_antivirus 7.0.3.5
symantec endpoint_protection 11.0
virusbuster virusbuster 13.6.151.0
sophos sophos_anti-virus 4.61.0
avira antivir 7.11.1.163
CVE-2013-2020 MEDIUM

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-189,

Products Affected

Vendor Product Version
clamav clamav *
clamav clamav 0.90
clamav clamav 0.91.2
clamav clamav 0.97
clamav clamav 0.93.2
clamav clamav 0.95.1
clamav clamav 0.97.4
canonical ubuntu_linux 13.04
clamav clamav 0.90.2
canonical ubuntu_linux 11.10
suse linux_enterprise_server 11.0
clamav clamav 0.92_p0
clamav clamav 0.96.3
clamav clamav 0.92.1
clamav clamav 0.95.3
clamav clamav 0.96.2
clamav clamav 0.93.1
clamav clamav 0.90.3_p1
canonical ubuntu_linux 12.10
clamav clamav 0.9
clamav clamav 0.96
clamav clamav 0.96.4
clamav clamav 0.97.2
clamav clamav 0.95.2
clamav clamav 0.91
clamav clamav 0.95
canonical ubuntu_linux 10.04
clamav clamav 0.94.2
clamav clamav 0.96.5
clamav clamav 0.90.1_p0
clamav clamav 0.91.2_p0
clamav clamav 0.93.3
clamav clamav 0.97.5
canonical ubuntu_linux 12.04
clamav clamav 0.97.3
clamav clamav 0.94.1
clamav clamav 0.93
clamav clamav 0.90.2_p0
clamav clamav 0.90.3
clamav clamav 0.96.1
clamav clamav 0.90.3_p0
clamav clamav 0.90.1
clamav clamav 0.92
clamav clamav 0.97.1
clamav clamav 0.91.1
clamav clamav 0.94
CVE-2013-2021 MEDIUM

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
clamav clamav 0.97.6
clamav clamav 0.97.4
canonical ubuntu_linux 13.04
clamav clamav 0.97.5
canonical ubuntu_linux 11.10
suse linux_enterprise_server 11.0
canonical ubuntu_linux 12.04
clamav clamav 0.97.3
canonical ubuntu_linux 12.10
clamav clamav 0.97.2
clamav clamav 0.97.7
canonical ubuntu_linux 10.04
clamav clamav 0.97.1
CVE-2013-6497 LOW

clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.

CVSS 2.0

Severity: LOW

Problem Type: CWE-17,

Products Affected

Vendor Product Version
clamav clamav *
CVE-2013-7087 HIGH

ClamAV before 0.97.7 has WWPack corrupt heap memory

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
clamav clamav *
debian debian_linux 9.0
fedoraproject fedora 18
fedoraproject fedora 17
debian debian_linux 8.0
debian debian_linux 10.0
CVE-2013-7088 HIGH

ClamAV before 0.97.7 has buffer overflow in the libclamav component

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-120,

Products Affected

Vendor Product Version
clamav clamav *
debian debian_linux 9.0
fedoraproject fedora 18
fedoraproject fedora 17
debian debian_linux 8.0
debian debian_linux 10.0
CVE-2013-7089 MEDIUM

ClamAV before 0.97.7: dbg_printhex possible information leak

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200,

Products Affected

Vendor Product Version
clamav clamav *
debian debian_linux 9.0
fedoraproject fedora 18
fedoraproject fedora 17
debian debian_linux 8.0
debian debian_linux 10.0
CVE-2014-9050 MEDIUM

Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
clamav clamav *
clamav clamav 0.51
clamav clamav 0.85.1
clamav clamav 0.93.2
clamav clamav 0.54
clamav clamav 0.67
clamav clamav 0.90.2
clamav clamav 0.74
clamav clamav 0.86.2
clamav clamav 0.88
clamav clamav 0.13
clamav clamav 0.20
clamav clamav 0.01
clamav clamav 0.05
clamav clamav 0.90.3_p1
clamav clamav 0.9
clamav clamav 0.88.2
clamav clamav 0.88.6
clamav clamav 0.91
clamav clamav 0.88.7_p1
clamav clamav 0.88.3
clamav clamav 0.90.1_p0
clamav clamav 0.91.2_p0
clamav clamav 0.60
clamav clamav 0.72
clamav clamav 0.87
clamav clamav 0.87.1
clamav clamav 0.88.5
clamav clamav 0.03
clamav clamav 0.68
clamav clamav 0.90.3_p0
clamav clamav 0.24
clamav clamav 0.90.1
clamav clamav 0.92
clamav clamav 0.53
clamav clamav 0.12
clamav clamav 0.23
clamav clamav 0.94
clamav clamav 0.75
clamav clamav 0.60p
clamav clamav 0.10
clamav clamav 0.83
clamav clamav 0.90
clamav clamav 0.91.2
clamav clamav 0.67-1
clamav clamav 0.66
clamav clamav 0.82
clamav clamav 0.92_p0
clamav clamav 0.88.4
clamav clamav 0.92.1
clamav clamav 0.14
clamav clamav 0.93.1
clamav clamav 0.02
clamav clamav 0.80_rc
clamav clamav 0.21
clamav clamav 0.88.1
clamav clamav 0.73
clamav clamav 0.15
clamav clamav 0.86
clamav clamav 0.94.2
clamav clamav 0.3
clamav clamav 0.71
clamav clamav 0.70
clamav clamav 0.93.3
clamav clamav 0.22
clamav clamav 0.8
clamav clamav 0.88.7_p0
clamav clamav 0.52
clamav clamav 0.94.1
clamav clamav 0.93
clamav clamav 0.90.2_p0
clamav clamav 0.90.3
clamav clamav 0.75.1
clamav clamav 0.65
clamav clamav 0.81
clamav clamav 0.84
clamav clamav 0.80
clamav clamav 0.88.7
clamav clamav 0.68.1
clamav clamav 0.86.1
clamav clamav 0.85
clamav clamav 0.91.1
CVE-2014-9328 HIGH

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
clamav clamav *
fedoraproject fedora 20
fedoraproject fedora 21
CVE-2015-1461 HIGH

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
clamav clamav *
fedoraproject fedora 20
fedoraproject fedora 21
CVE-2015-1462 HIGH

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition."

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
clamav clamav *
fedoraproject fedora 20
fedoraproject fedora 21
CVE-2015-1463 MEDIUM

ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization."

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-17,

Products Affected

Vendor Product Version
clamav clamav *
fedoraproject fedora 20
fedoraproject fedora 21
CVE-2015-2170 MEDIUM

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
clamav clamav *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 14.10
canonical ubuntu_linux 12.04
canonical ubuntu_linux 15.04
CVE-2015-2221 MEDIUM

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
clamav clamav *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.1
canonical ubuntu_linux 14.10
canonical ubuntu_linux 12.04
CVE-2015-2222 MEDIUM

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
clamav clamav *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.1
canonical ubuntu_linux 14.10
canonical ubuntu_linux 12.04
CVE-2015-2668 MEDIUM

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-399,

Products Affected

Vendor Product Version
clamav clamav *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 15.1
canonical ubuntu_linux 14.10
canonical ubuntu_linux 12.04
CVE-2016-1371 MEDIUM

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
clamav clamav *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
CVE-2016-1372 MEDIUM

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-284,

Products Affected

Vendor Product Version
clamav clamav *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
CVE-2016-1405 MEDIUM

libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-119,

Products Affected

Vendor Product Version
clamav clamav *
cisco web_security_appliance 9.5.0-284
cisco web_security_appliance 8.8.0-085
cisco email_security_appliance 9.6.0-042
cisco web_security_appliance 9.1.0-070
CVE-2017-12374 HIGH

The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing operations (mbox.c operations on bounce messages). If successfully exploited, the ClamAV software could allow a variable pointing to the mail body which could cause a used after being free (use-after-free) instance which may lead to a disruption of services on an affected device to include a denial of service condition.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-416,

Products Affected

Vendor Product Version
clamav clamav *
debian debian_linux 7.0
CVE-2017-12375 HIGH

The ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of input validation checking mechanisms during certain mail parsing functions (the rfc2047 function in mbox.c). An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition on an affected device.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
clamav clamav *
debian debian_linux 7.0
CVE-2017-12376 HIGH

ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause a handle_pdfname (in pdf.c) buffer overflow when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
clamav clamav *
debian debian_linux 7.0
CVE-2017-12377 HIGH

ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in mew packet files sent to an affected device. A successful exploit could cause a heap-based buffer over-read condition in mew.c when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition or potentially execute arbitrary code on the affected device.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,

Products Affected

Vendor Product Version
clamav clamav *
debian debian_linux 7.0
CVE-2017-12378 HIGH

ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms of .tar (Tape Archive) files sent to an affected device. A successful exploit could cause a checksum buffer over-read condition when ClamAV scans the malicious .tar file, potentially allowing the attacker to cause a DoS condition on the affected device.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-125,

Products Affected

Vendor Product Version
clamav clamav *
debian debian_linux 7.0
CVE-2017-12379 HIGH

ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a messageAddArgument (in message.c) buffer overflow condition when ClamAV scans the malicious email, allowing the attacker to potentially cause a DoS condition or execute arbitrary code on an affected device.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119,

Products Affected

Vendor Product Version
clamav clamav *
debian debian_linux 7.0
CVE-2017-12380 HIGH

ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereference condition when ClamAV scans the malicious email, which may result in a DoS condition.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-476,

Products Affected

Vendor Product Version
clamav clamav *
debian debian_linux 7.0
CVE-2017-6418 MEDIUM

libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
clamav clamav 0.99.2
CVE-2017-6420 MEDIUM

The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-416,

Products Affected

Vendor Product Version
clamav clamav 0.99.2
CVE-2018-0202 MEDIUM

clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause an out-of-bounds read when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition. This concerns pdf_parse_array and pdf_parse_string in libclamav/pdfng.c. Cisco Bug IDs: CSCvh91380, CSCvh91400.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
clamav clamav *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
debian debian_linux 7.0
canonical ubuntu_linux 12.04
canonical ubuntu_linux 17.10
CVE-2018-0360 MEDIUM

ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-190,

Products Affected

Vendor Product Version
clamav clamav *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 18.04
debian debian_linux 8.0
CVE-2018-0361 MEDIUM

ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,

Products Affected

Vendor Product Version
clamav clamav *
debian debian_linux 8.0
CVE-2018-1000085 MEDIUM

ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This vulnerability appears to have been fixed in after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
clamav clamav 0.99.3
debian debian_linux 7.0
canonical ubuntu_linux 12.04
canonical ubuntu_linux 17.10
CVE-2018-15378 MEDIUM

A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
clamav clamav *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 12.04
canonical ubuntu_linux 18.04
debian debian_linux 8.0
CVE-2019-12625 MEDIUM

ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ykramarz@cisco.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-400,CWE-404,

Products Affected

Vendor Product Version
clamav clamav *
CVE-2019-15961 HIGH

A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 6.5 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 2.8 3.6
ykramarz@cisco.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-400,

Products Affected

Vendor Product Version
clamav clamav *
canonical ubuntu_linux 14.04
cisco email_security_appliance_firmware 11.1.2-023
clamav clamav 0.102.0
canonical ubuntu_linux 12.04
debian debian_linux 8.0
cisco email_security_appliance_firmware 11.1.1-042
CVE-2019-1785 MEDIUM

A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper error-handling mechanisms when processing nested RAR files sent to an affected device. An attacker could exploit this vulnerability by sending a crafted RAR file to an affected device. An exploit could allow the attacker to view or create arbitrary files on the targeted system.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-22,

Products Affected

Vendor Product Version
clamav clamav 0.101.0
clamav clamav 0.101.1
CVE-2019-1786 MEDIUM

A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-125,

Products Affected

Vendor Product Version
clamav clamav 0.101.0
clamav clamav 0.101.1
CVE-2019-1787 MEDIUM

A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-125,

Products Affected

Vendor Product Version
clamav clamav *
opensuse leap 42.3
opensuse leap 15.0
debian debian_linux 8.0
CVE-2019-1788 MEDIUM

A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could result in a denial of service condition on an affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-787,

Products Affected

Vendor Product Version
clamav clamav *
opensuse leap 42.3
opensuse leap 15.0
debian debian_linux 8.0
CVE-2019-1789 MEDIUM

ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
ykramarz@cisco.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-125,

Products Affected

Vendor Product Version
clamav clamav *
CVE-2019-1798 MEDIUM

A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-125,

Products Affected

Vendor Product Version
clamav clamav *
CVE-2020-3123 MEDIUM

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ykramarz@cisco.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125,CWE-125,

Products Affected

Vendor Product Version
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
canonical ubuntu_linux 19.10
clamav clamav 0.102.1
clamav clamav 0.102.0
canonical ubuntu_linux 12.04
canonical ubuntu_linux 18.04
CVE-2020-3481 MEDIUM

A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-476,CWE-476,

Products Affected

Vendor Product Version
fedoraproject fedora 31
clamav clamav *
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
debian debian_linux 9.0
canonical ubuntu_linux 12.04
fedoraproject fedora 32
canonical ubuntu_linux 18.04
canonical ubuntu_linux 20.04
CVE-2021-1252 HIGH

A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
ykramarz@cisco.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-20,CWE-835,

Products Affected

Vendor Product Version
clamav clamav 0.103.0
clamav clamav 0.103.1
CVE-2021-1404 MEDIUM

A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ykramarz@cisco.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-125,

Products Affected

Vendor Product Version
clamav clamav 0.103.0
clamav clamav 0.103.1
CVE-2021-1405 MEDIUM

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper variable initialization that may result in an NULL pointer read. An attacker could exploit this vulnerability by sending a crafted email to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
ykramarz@cisco.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-120,CWE-909,

Products Affected

Vendor Product Version
clamav clamav *
debian debian_linux 9.0
CVE-2021-27506 MEDIUM

The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. This affect Netasq versions 9.1.0 to 9.1.11 and SNS versions 1.0.0 to 4.2.0. This issue is fixed in SNS 3.7.19, 3.11.7 and 4.2.1.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-noinfo,

Products Affected

Vendor Product Version
clamav clamav *
netasq_project netasq *
stormshield stormshield_network_security *
CVE-2022-20698 MEDIUM

A vulnerability in the OOXML parsing module in Clam AntiVirus (ClamAV) Software version 0.104.1 and LTS version 0.103.4 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper checks that may result in an invalid pointer read. An attacker could exploit this vulnerability by sending a crafted OOXML file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ykramarz@cisco.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20,CWE-125,

Products Affected

Vendor Product Version
clamav clamav *
canonical ubuntu_linux 21.04
canonical ubuntu_linux 14.04
canonical ubuntu_linux 16.04
debian debian_linux 9.0
canonical ubuntu_linux 20.10
canonical ubuntu_linux 18.04
debian debian_linux 10.0
canonical ubuntu_linux 20.04
debian debian_linux 11.0
CVE-2022-20770 HIGH

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
ykramarz@cisco.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 36
clamav clamav *
fedoraproject fedora 35
debian debian_linux 9.0
cisco secure_endpoint *
fedoraproject fedora 34
CVE-2022-20771 HIGH

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
ykramarz@cisco.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-399,NVD-CWE-noinfo,

Products Affected

Vendor Product Version
fedoraproject fedora 36
clamav clamav *
fedoraproject fedora 35
debian debian_linux 9.0
cisco secure_endpoint *
fedoraproject fedora 34
CVE-2022-20785 HIGH

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog. This advisory will be updated as additional information becomes available.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ykramarz@cisco.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-401,CWE-401,

Products Affected

Vendor Product Version
fedoraproject fedora 36
clamav clamav *
fedoraproject fedora 35
debian debian_linux 9.0
cisco secure_endpoint *
fedoraproject fedora 34
CVE-2022-20792

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an authenticated, local attacker to crash ClamAV at database load time, and possibly gain code execution. The vulnerability is due to improper bounds checking that may result in a multi-byte heap buffer overwflow write. An attacker could exploit this vulnerability by placing a crafted CDB ClamAV signature database file in the ClamAV database directory. An exploit could allow the attacker to run code as the clamav user.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ykramarz@cisco.com 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9
nvd@nist.gov 7.8 HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 1.8 5.9

Products Affected

Vendor Product Version
clamav clamav *
CVE-2022-20796 MEDIUM

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2 could allow an authenticated, local attacker to cause a denial of service condition on an affected device. For a description of this vulnerability, see the ClamAV blog.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.5 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H 1.8 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-822,CWE-476,

Products Affected

Vendor Product Version
fedoraproject fedora 36
fedoraproject fedora 35
debian debian_linux 9.0
clamav clamav 0.104.1
cisco secure_endpoint *
fedoraproject fedora 34
clamav clamav 0.103.5
clamav clamav 0.103.4
clamav clamav 0.104.2
CVE-2022-20803

A vulnerability in the OLE2 file parser of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device.The vulnerability is due to incorrect use of the realloc function that may result in a double-free. An attacker could exploit this vulnerability by submitting a crafted OLE2 file to be scanned by ClamAV on the affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6
ykramarz@cisco.com 8.6 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H 3.9 4.0

Products Affected

Vendor Product Version
clamav clamav *
CVE-2023-20032

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to execute arbitrary code. This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write. An attacker could exploit this vulnerability by submitting a crafted HFS+ partition file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the ClamAV scanning process, or else crash the process, resulting in a denial of service (DoS) condition. For a description of this vulnerability, see the ClamAV blog ["https://blog.clamav.net/"].

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9
ykramarz@cisco.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
clamav clamav *
stormshield stormshield_network_security *
cisco secure_endpoint *
cisco web_security_appliance *
clamav clamav 1.0.0
cisco secure_endpoint_private_cloud *
CVE-2023-20052

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and 0.103.7 and earlier could allow an unauthenticated, remote attacker to access sensitive information on an affected device. This vulnerability is due to enabling XML entity substitution that may result in XML external entity injection. An attacker could exploit this vulnerability by submitting a crafted DMG file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to leak bytes from any file that may be read by the ClamAV scanning process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ykramarz@cisco.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N 3.9 1.4

Products Affected

Vendor Product Version
clamav clamav *
stormshield stormshield_network_security *
cisco secure_endpoint *
clamav clamav 1.0.0
cisco secure_endpoint_private_cloud *
CVE-2024-20328

A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands. ClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ykramarz@cisco.com 5.3 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L 1.8 3.4

Products Affected

Vendor Product Version
clamav clamav *
CVE-2024-20380

A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ykramarz@cisco.com 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
clamav clamav 1.3.0
CVE-2024-20505

A vulnerability in the PDF parsing module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an out of bounds read. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. An exploit could allow the attacker to terminate the scanning process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ykramarz@cisco.com 4.0 MEDIUM CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 2.5 1.4

Products Affected

Vendor Product Version
clamav clamav *
clamav clamav 1.4.0
CVE-2024-20506

A vulnerability in the ClamD service module of Clam AntiVirus (ClamAV) versions 1.4.0, 1.3.2 and prior versions, all 1.2.x versions, 1.0.6 and prior versions, all 0.105.x versions, all 0.104.x versions, and 0.103.11 and all prior versions could allow an authenticated, local attacker to corrupt critical system files. The vulnerability is due to allowing the ClamD process to write to its log file while privileged without checking if the logfile has been replaced with a symbolic link. An attacker could exploit this vulnerability if they replace the ClamD log file with a symlink to a critical system file and then find a way to restart the ClamD process. An exploit could allow the attacker to corrupt a critical system file by appending ClamD log messages after restart.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
ykramarz@cisco.com 6.1 MEDIUM CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H 1.8 4.2

Products Affected

Vendor Product Version
clamav clamav *
clamav clamav 1.4.0
CVE-2025-20128

A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@cisco.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
clamav clamav *
cisco secure_endpoint *
cisco secure_endpoint_private_cloud *
CVE-2025-20234

A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the .

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@cisco.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
clamav clamav *
cisco secure_endpoint *
cisco secure_endpoint_private_cloud *
CVE-2025-20260

A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
psirt@cisco.com 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

Products Affected

Vendor Product Version
clamav clamav *