Page 11 of 55 results (0.005 seconds)

CVSS: 4.3EPSS: 1%CPEs: 94EXPL: 0

The cli_pdf function in libclamav/pdf.c in ClamAV before 0.96.1 allows remote attackers to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length. La función cli_pdf en libclamav/pdf.c en ClamAV anterior v0.96.1 permite a atacantes remotos causar una denegación de servicio (caída) a través de un archivo PDF manipulado, relacionado con una inconsistencia en la longitud de cadena calculada y la longuitud real de la cadena. • http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=commitdiff%3Bh=f0eb394501ec21b9fe67f36cbf5db788711d4236#patch2 http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055771.html http://lists.fedoraproject.org/pipermail/package-announce/2011-March/055777.html http://lists.opensuse.org/opensuse-security-announce/2010-08/msg00001.html http://secunia.com/advisories/39895 http://secunia.com/advisories/43752 http://www.mandriva.com/security/advisories?name=MDVSA-2010:110 http://www.securityfocus.com/ •

CVSS: 10.0EPSS: 2%CPEs: 96EXPL: 0

ClamAV before 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote attackers to bypass virus detection via a crafted archive that is compatible with standard archive utilities. ClamAV anterior a v0.96 no maneja adecuadamente los formatos de archivo (1) CAB y (2) 7z, lo que permite a atacantes remotos evitar la detección de virus a través de un archivo manipulado que es compatible con las utilidades de archivo estándar. • http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html http://secunia.com/advisories/39293 http://secunia.com/advisories/39329 http://secunia.com/advisories/39656 http://support.apple.com/kb/HT4312 http://www.mandriva.com/security/advisories?name=MDVSA-2010:082 http://www.openwall.com/lists/ •

CVSS: 5.0EPSS: 21%CPEs: 96EXPL: 0

The qtm_decompress function in libclamav/mspack.c in ClamAV before 0.96 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details are obtained from third party information. La función qtm_decompress en libclamav/mspack.c en ClamAV anterior a v0.96, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria y caída de aplicación) a través de un archivo CAB manipulado que usa el formato de compresión Quantum (también conocido como .Q). NOTA: algunos de estos detalles han sido obtenidos a partir de información de terceros. • http://git.clamav.net/gitweb?p=clamav-devel.git%3Ba=blob_plain%3Bf=ChangeLog%3Bhb=clamav-0.96 http://lists.apple.com/archives/security-announce/2010//Aug/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2010-04/msg00006.html http://secunia.com/advisories/39293 http://secunia.com/advisories/39329 http://secunia.com/advisories/39656 http://support.apple.com/kb/HT4312 http://www.mandriva.com/security/advisories?name=MDVSA-2010:082 http://www.securityfocus.com/bid&#x • CWE-20: Improper Input Validation •

CVSS: 10.0EPSS: 16%CPEs: 99EXPL: 0

Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL. Desbordamiento de búfer basado en pila en la función cli_url_canon en libclamav/phishcheck.c en ClamAV antes de 0.95.1 permite a atacantes remotos provocar una denegación de servicio (cuelgue de la aplicación) y posiblemente ejecutar código de su elección mediante una URL manipulada. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://osvdb.org/53603 http://secunia.com/advisories/34612 http://secunia.com/advisories/36701 http://support.apple.com/kb/HT3865 http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2Ftrunk%2FChangeLog&rev=5032 http://www.mandriva.com/security/advisories?name=MDVSA-2009:097 http://www.securityfocus.com/bid/34446 http://www.securitytracker.com/id?1022028 http://www.vupen.com/english/advis • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 5.0EPSS: 19%CPEs: 99EXPL: 0

The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding. La macro CLI_ISCONTAINED en libclamav/others.h en ClamAV anteriores a v0.95.1 permite a atacantes remotos producir una denegación de servicio (caída de aplicación) a través de un fichero malformado con codificación UPack. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://osvdb.org/53602 http://secunia.com/advisories/34612 http://secunia.com/advisories/34654 http://secunia.com/advisories/34716 http://secunia.com/advisories/36701 http://support.apple.com/kb/HT3865 http://svn.clamav.net/websvn/filedetails.php?repname=clamav-devel&path=%2Ftrunk%2FChangeLog&rev=5032 http://www.debian.org/security/2009/dsa-1771 http://www.mandriva.com/security/advisories?name=MDVSA-2009: • CWE-20: Improper Input Validation •