CVE-2008-6680
https://notcve.org/view.php?id=CVE-2008-6680
libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error. libclamav/pe.c en ClamAV anteriores a v0.95 permite a atacantes remotos provocar una denegación de servicio (caída) a través de un fichero manipulado que provoca un error de división por 0. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://secunia.com/advisories/34716 http://secunia.com/advisories/36701 http://support.apple.com/kb/HT3865 http://www.debian.org/security/2009/dsa-1771 http://www.mandriva.com/security/advisories?name=MDVSA-2009:097 http://www.openwall.com/lists/oss-security/2009/04/07/6 http://www.securityfocus.com/bid/34357 http://www.ubuntu.com/usn/usn-754-1 http://www.vupen.com/english/advisories/2009 • CWE-189: Numeric Errors •
CVE-2009-1270
https://notcve.org/view.php?id=CVE-2009-1270
libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang. libclamav/untar.c en ClamAV anteriores a v0.95 permite a atacantes remotos provocar una denegación de servicio (buble infinito) a través de un fichero manipulado que provoca que se cuelguen (1) clamd y (2) clamscan. • http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://osvdb.org/53461 http://secunia.com/advisories/34716 http://secunia.com/advisories/36701 http://support.apple.com/kb/HT3865 http://www.debian.org/security/2009/dsa-1771 http://www.mandriva.com/security/advisories?name=MDVSA-2009:097 http://www.openwall.com/lists/oss-security/2009/04/07/6 http://www.securityfocus.com/bid/34357 http://www.ubuntu.com/usn/usn-754-1 http://www.vupen • CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •
CVE-2009-1241
https://notcve.org/view.php?id=CVE-2009-1241
Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive. Vulnerabilidad inespecífica en ClamAV en versiones anteriores a v0.95 lo que permite a atacantes remotos evitar la detección de malware a través de un archivo RAR modificado. • http://blog.zoller.lu/2009/04/clamav-094-and-below-evasion-and-bypass.html http://lists.apple.com/archives/security-announce/2009/Sep/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00010.html http://secunia.com/advisories/36701 http://support.apple.com/kb/HT3865 http://www.mandriva.com/security/advisories?name=MDVSA-2009:097 http://www.openwall.com/lists/oss-security/2009/04/07/6 http://www.securityfocus.com/archive/1/502366/100/0/threaded http •
CVE-2008-5525
https://notcve.org/view.php?id=CVE-2008-5525
ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. ClamAV v0.94.1 y posiblemente v0.93.1, cuando se utiliza Internet Explorer 6 o 7, permite a atacantes remotos eludir la detección de malware en un documento HTML colocando una cabecera MZ (alias "EXE info") al principio, y modificar el nombre del archivo a (1 ) sin extensión, (2) una extensión. txt, o (3) una extensión .jpg, como lo demuestra un documento que contiene un exploit CVE-2006-5745. • http://securityreason.com/securityalert/4723 http://www.securityfocus.com/archive/1/498995/100/0/threaded http://www.securityfocus.com/archive/1/499043/100/0/threaded https://exchange.xforce.ibmcloud.com/vulnerabilities/47435 • CWE-20: Improper Input Validation •
CVE-2008-5314 – ClamAV < 0.94.2 - JPEG Parsing Recursive Stack Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-5314
Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions. Vulnerabilidad de consumo de pila en el archivo libclamav/special.c en ClamAV y versiones anteriores 0.94.2, que permite a los atacantes remotos causar una denegación de servicios (caída de demonio) a través de un archivo JPEG manipulado, relativo a las funciones cli_check_jpeg_exploit, jpeg_check_photoshop y jpeg_check_photoshop_8bim. • https://www.exploit-db.com/exploits/7330 http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html http://lurker.clamav.net/message/20081126.150241.55b1e092.en.html http://osvdb.org/50363 http://secunia.com/advisories/32926 http://secunia.com/advisories/32936 http://secunia.com/advisories/33016 http://secunia.com/advisories/33195 http://secunia.com/advisories/33317 http://secunia.com/advis • CWE-399: Resource Management Errors •