CVSS: 5.0EPSS: 1%CPEs: 7EXPL: 0CVE-2007-3025
https://notcve.org/view.php?id=CVE-2007-3025
Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions. Vulnerabilidad no especificada en el libclamav/phishcheck.c del ClamAV en versiones anteriores a 0.90.3 y en la 0.91 en versiones anteriores a 0.91rc1, cuando corre bajo Solaris, permite a atacantes remotos provocar una denegación del servicio (cuelgue) a través de vectores desconocidos relativos a la función isURL y expresiones regulares. • http://kolab.org/security/kolab-vendor-notice-15.txt http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html http://secunia.com/advisories/25525 •
CVSS: 5.0EPSS: 26%CPEs: 6EXPL: 0CVE-2007-3123
https://notcve.org/view.php?id=CVE-2007-3123
unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow. El unrar.c en libclamav del ClamAV en versiones anteriores a 0.90.3 y la 0.91 en versiones anteriores a 0.91rc1 permite a atacantes remotos provocar una denegación del servicio (volado de memoria tras un error en ejecución) a través de un fichero RAR manipulado con un valor vm_codesize modificado, lo cual dispara un desbordamiento de búfer basado en montículo. • http://kolab.org/security/kolab-vendor-notice-15.txt http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html http://osvdb.org/35522 http://secunia.com/advisories/25523 http://secunia.com/advisories/25525 http://secunia.com/advisories/25688 http://secunia.com/advisories/25796 http://security.gentoo.org/glsa/glsa-200706-05.xml http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog http://www.debian.org/security/2007/dsa-1320 http://www.novell.com/linux/secur •
CVSS: 5.0EPSS: 56%CPEs: 6EXPL: 0CVE-2007-3122
https://notcve.org/view.php?id=CVE-2007-3122
The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR. El motor de análisis sintáctico del ClamAV anterior al 0.90.3 y el 0.91 anterior al 0.91rc1, permite a atacantes remotos evitar el escaneo mediante un fichero RAR con una bandera de la cabecera con valor 10, lo que puede ser procesado por el WinRAR. • http://kolab.org/security/kolab-vendor-notice-15.txt http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html http://osvdb.org/45392 http://secunia.com/advisories/25523 http://secunia.com/advisories/25525 http://secunia.com/advisories/25688 http://secunia.com/advisories/25796 http://security.gentoo.org/glsa/glsa-200706-05.xml http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog http://www.debian.org/security/2007/dsa-1320 http://www.novell.com/linux/secur •
CVSS: 10.0EPSS: 2%CPEs: 5EXPL: 0CVE-2007-3023
https://notcve.org/view.php?id=CVE-2007-3023
unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors. unsp.c en el ClamAV en versiones anteriores a la 0.90.3 y la 0.91 anterior a la 0.91rc1 no calcula adecuadamente el final de ciertos búfer, lo que tiene un impacto desconocido y vectores de ataque remotos. • http://kolab.org/security/kolab-vendor-notice-15.txt http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html http://osvdb.org/36908 http://secunia.com/advisories/25523 http://secunia.com/advisories/25525 http://secunia.com/advisories/25688 http://secunia.com/advisories/25796 http://security.gentoo.org/glsa/glsa-200706-05.xml http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog http://www.debian.org/security/2007/dsa-1320 http://www.novell.com/linux/secur •
CVSS: 7.5EPSS: 20%CPEs: 6EXPL: 0CVE-2007-1997
https://notcve.org/view.php?id=CVE-2007-1997
Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow. Error de presencia de signo en entero en las funciones (1) cab_unstore y (2) cab_extract en libclamav/cab.c de Clam AntiVirus (ClamAV) anterior a 0.90.2 permite a atacantes remotos ejecutar código de su elección mediante un archivo CHM manipulado que contiene un entero negativo, que pasa una comparación con signo y lleva a un desbordamiento de búfer basado en pila. • http://docs.info.apple.com/article.html?artnum=307562 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=513 http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html http://secunia.com/advisories/24891 http://secunia.com/advisories/24920 http://secunia.com/advisories/24946 http://secunia.com/advisories/24996 http://secunia.com/advisories/25022 http://secunia.com/advisories/25028 http://secunia.com/advisories/25189 http://secunia.com/advisories/29420&# •