CVSS: 9.8EPSS: 4%CPEs: 6EXPL: 0CVE-2013-7087
https://notcve.org/view.php?id=CVE-2013-7087
ClamAV before 0.97.7 has WWPack corrupt heap memory ClamAV versiones anteriores a la versión 0.97.7, tiene una memoria de la pila corrupta de WWPack. • http://security.gentoo.org/glsa/glsa-201405-08.xml http://www.openwall.com/lists/oss-security/2013/12/13/1 http://www.securityfocus.com/bid/58546 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7087 https://security-tracker.debian.org/tracker/CVE-2013-7087 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 1%CPEs: 6EXPL: 0CVE-2013-7089
https://notcve.org/view.php?id=CVE-2013-7089
ClamAV before 0.97.7: dbg_printhex possible information leak ClamAV versiones anteriores a la versión 0.97.7: posible fuga de información de la función dbg_printhex. • http://security.gentoo.org/glsa/glsa-201405-08.xml http://www.openwall.com/lists/oss-security/2013/12/13/1 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7089 https://security-tracker.debian.org/tracker/CVE-2013-7089 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 9.8EPSS: 4%CPEs: 6EXPL: 0CVE-2013-7088
https://notcve.org/view.php?id=CVE-2013-7088
ClamAV before 0.97.7 has buffer overflow in the libclamav component ClamAV versiones anteriores a la versión 0.97.7, tiene un desbordamiento de búfer en el componente libclamav. • http://security.gentoo.org/glsa/glsa-201405-08.xml http://www.openwall.com/lists/oss-security/2013/12/13/1 http://www.securityfocus.com/bid/58546 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7088 https://security-tracker.debian.org/tracker/CVE-2013-7088 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 5.0EPSS: 13%CPEs: 60EXPL: 0CVE-2013-2020
https://notcve.org/view.php?id=CVE-2013-2020
Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read. Desbordamiento de entero en la función cli_scanpe en pe.c en ClamAV anterior a v0.97.8 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un desplazamiento mayor que el tamaño de las secciones PE en un paquete ejecutable UPX, que dispara un error de salida de rango en la lectura. • http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html http://lists.fedoraproject.org/pipermail/package-announce&# • CWE-189: Numeric Errors •
CVSS: 4.3EPSS: 7%CPEs: 14EXPL: 0CVE-2013-2021
https://notcve.org/view.php?id=CVE-2013-2021
pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file. pdf.c en ClamAV v0.97.1 hasta v0.97.7 ermite a atacantes remotos provocar una denegación de servicio (lectura fuera de limite) a través de la modificación de longitud en un fichero PDF cifrado. • http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00002.html http://lists.apple.com/archives/security-announce/2013/Sep/msg00004.html http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109514.html http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109639.html http://lists.fedoraproject.org/pipermail/package-announce/2013-June/109652.html http://lists.fedoraproject.org/pipermail/package-announce&# • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •