Page 17 of 143 results (0.009 seconds)

CVSS: 5.0EPSS: 8%CPEs: 19EXPL: 1

libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713. libclamav/petite.c en ClamAV anterior a 0.93.3 permite a atacantes remotos causar una denegación de servicio mediante un fichero Petite mal formado que ocasiona un acceso a memoria fuera del rango. NOTA: este problema existe debido a una reparación incompleta de CVE-2008-2713. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html http://lurker.clamav.net/message/20080707.155612.ad411b00.en.html http://secunia.com/advisories/31091 http://secunia.com/advisories/31437 http://secunia.com/advisories/31882 http://security.gentoo.org/glsa/glsa-200808-07.xml http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3920 http&# • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 16%CPEs: 57EXPL: 1

libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read. libclamav/petite.c de ClamAV versiones anteriores a 0.93.1 permite a atacantes remotos provocar una denegación de servicio a través de un fichero Petite manipulado que dispara una lectura fuera del límite. • http://kolab.org/security/kolab-vendor-notice-21.txt http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html http://secunia.com/advisories/30657 http://secunia.com/advisories/30785 http://secunia.com/advisories/30829 http://secunia.com/advisories/30967 http://secunia.com/advisories/31091 http://secunia.com/advisories/ • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 1%CPEs: 64EXPL: 0

ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar. ClamAV antes de 0.93 permite a atacantes remotos evitar el motor de escanéo a través de un archivo RAR con un número de versión no válido, que no puede ser analizado por ClamAV pero que puede ser extraído por Winrar. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html http://secunia.com/advisories/29891 http://secunia.com/advisories/30328 http://secunia.com/advisories/31576 http://secunia.com/advisories/31882 http://security.gentoo.org/glsa/glsa-200805-19.xml http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:088 http: • CWE-20: Improper Input Validation •

CVSS: 5.0EPSS: 8%CPEs: 64EXPL: 0

libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats. libclamunrar de ClamAV before 0.93 permite a atacantes remotos provocar una denegación de servicio (caída) a través de ficheros RAR manipulados que disparan "problemas de memoria", tal como lo demostrado por el paquete de pruebas PROTOS GENOME de Archive Formats. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html http://secunia.com/advisories/29891 http://secunia.com/advisories/30328 http://secunia.com/advisories/31576 http://secunia.com/advisories/31882 http://security.gentoo.org/glsa/glsa-200805-19.xml http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html http://www.mandriva.com/security/advisories?name=MDVSA-2008:088 http: • CWE-399: Resource Management Errors •

CVSS: 4.3EPSS: 5%CPEs: 8EXPL: 0

The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read. La función rfc2231 en message.c en libclamav de ClamAV anterior 0.93, permite a atacantes remotos causar una denegación de servicio (caída) a través de un mensaje manipulado que produce una cadena que no termina en null, lo que inicia un desbordamiento de búfer de lectura. • http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html http://secunia.com/advisories/29891 http://secunia.com/advisories/30253 http://secunia.com/advisories/30328 http://secunia.com/advisories/31576 http://secunia.com/advisories/31882 http://security.gentoo.org/glsa/glsa-200805-19.xml http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html http://www.mandriva.com/security&# •