CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 2CVE-2006-1989
https://notcve.org/view.php?id=CVE-2006-1989
01 May 2006 — Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers. • http://kolab.org/security/kolab-vendor-notice-09.txt •
CVSS: 9.8EPSS: 41%CPEs: 30EXPL: 1CVE-2006-1614
https://notcve.org/view.php?id=CVE-2006-1614
06 Apr 2006 — Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code. • http://lists.apple.com/archives/security-announce/2006/May/msg00003.html •
CVSS: 10.0EPSS: 26%CPEs: 59EXPL: 0CVE-2006-1615
https://notcve.org/view.php?id=CVE-2006-1615
06 Apr 2006 — Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly. • http://lists.apple.com/archives/security-announce/2006/May/msg00003.html • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 11%CPEs: 30EXPL: 0CVE-2006-1630
https://notcve.org/view.php?id=CVE-2006-1630
06 Apr 2006 — The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access." • http://lists.apple.com/archives/security-announce/2006/May/msg00003.html •
CVSS: 7.8EPSS: 61%CPEs: 30EXPL: 0CVE-2006-0162 – Clam AntiVirus UPX Unpacking Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2006-0162
10 Jan 2006 — Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files. This vulnerability allows remote attackers to execute arbitrary code on vulnerable Clam AntiVirus installations. Authentication is not required to exploit this vulnerability. This specific flaw exists within libclamav/upx.c during the unpacking of executable files compressed with UPX. Due to an invalid siz... • http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041325.html •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2005-3587
https://notcve.org/view.php?id=CVE-2005-3587
16 Nov 2005 — Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors. • http://sourceforge.net/project/shownotes.php?release_id=368319 •
CVSS: 7.8EPSS: 14%CPEs: 11EXPL: 0CVE-2005-3303
https://notcve.org/view.php?id=CVE-2005-3303
05 Nov 2005 — The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file. • http://archives.neohapsis.com/archives/bugtraq/2005-11/0041.html •
CVSS: 5.5EPSS: 18%CPEs: 33EXPL: 0CVE-2005-3500
https://notcve.org/view.php?id=CVE-2005-3500
05 Nov 2005 — The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block. • http://secunia.com/advisories/17184 •
CVSS: 5.5EPSS: 2%CPEs: 58EXPL: 1CVE-2005-3501
https://notcve.org/view.php?id=CVE-2005-3501
05 Nov 2005 — The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length. • http://secunia.com/advisories/17184 • CWE-399: Resource Management Errors •
CVSS: 9.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3229
https://notcve.org/view.php?id=CVE-2005-3229
14 Oct 2005 — Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. • http://marc.info/?l=bugtraq&m=112879611919750&w=2 •