Vulnerabilities for 'Clamav'

2019-11-15
 
CVE-2013-7089

CWE-200
 

 
ClamAV before 0.97.7: dbg_printhex possible information leak

 
 
CVE-2013-7088

CWE-120
 

 
ClamAV before 0.97.7 has a buffer overflow in the libclamav component

 
 
CVE-2013-7087

CWE-119
 

 
ClamAV before 0.97.7 has a WWPack heap memory corruption issue

 
2019-11-07
 
CVE-2007-6745

NVD-CWE-Other
 

 
ClamAV 0.91.2 suffers from a floating point exception when using ScanOLE2.

 
2019-11-06
 
CVE-2007-0899

CWE-787
 

 
There is a possible heap overflow in libclamav/fsg.c before 0.100.0.

 
2019-11-05
 
CVE-2019-12625

CWE-404
 

 
ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.

 
2019-04-08
 
CVE-2019-1798

CWE-125
 

 
A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent to an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version of ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.

 
 
CVE-2019-1788

CWE-20
 

 
A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent to an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version of ClamAV Software. An exploit could allow the attacker to cause an out-of-bounds write condition, resulting in a crash that could result in a denial of service condition on an affected device.

 
 
CVE-2019-1787

CWE-125
 

 
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.

 
 
CVE-2019-1786

CWE-125
 

 
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause an out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device.

 


Copyright 2019, cxsecurity.com

 
