Vulnerabilities for 'Clamav'

2021-04-08
 
CVE-2021-1252

CWE-20
 

 
A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to hang, resulting in a denial of service condition.

 
2021-03-19
 
CVE-2021-27506

NVD-CWE-noinfo
 

 
The ClamAV Engine (Version 0.103.1 and below) embedded in Stormshield Network Security (1.0 to 4.1.5) is subject to DoS when parsing malformed PNG files.

 
2020-07-20
 
CVE-2020-3481

CWE-476
 

 
A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

 
2020-02-05
 
CVE-2020-3123

CWE-125
 

 
A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.

 
2020-01-15
 
CVE-2019-15961

CWE-400
 

 
A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.

 
2019-11-15
 
CVE-2013-7089

CWE-200
 

 
ClamAV before 0.97.7 has a possible information leak in dbg_printhex.

 
 
CVE-2013-7088

CWE-120
 

 
ClamAV before 0.97.7 has a buffer overflow in the libclamav component.

 
 
CVE-2013-7087

CWE-119
 

 
ClamAV before 0.97.7 has a WWPack heap memory corruption.

 
2019-11-07
 
CVE-2007-6745

NVD-CWE-Other
 

 
ClamAV 0.91.2 suffers from a floating point exception when using ScanOLE2.

 
2019-11-06
 
CVE-2007-0899

CWE-787
 

 
There is a possible heap overflow in libclamav/fsg.c before 0.100.0.

 


Copyright 2021, cxsecurity.com

 
