CVSS: 10.0EPSS: 8%CPEs: 59EXPL: 0CVE-2006-1615
https://notcve.org/view.php?id=CVE-2006-1615
Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly. • http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html http://secunia.com/advisories/19534 http://secunia.com/advisories/19536 http://secunia.com/advisories/19564 http://secunia.com/advisories/19567 http://secunia.com/advisories/19570 http://secunia.com/advisories/19608 http://secunia.com/advisories/20077 http://secunia.com/advisories/23719 http://sourceforge.net/project/shownotes.php?release&# • CWE-134: Use of Externally-Controlled Format String •
CVSS: 7.5EPSS: 37%CPEs: 30EXPL: 0CVE-2006-0162 – Clam AntiVirus UPX Unpacking Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2006-0162
Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files. This vulnerability allows remote attackers to execute arbitrary code on vulnerable Clam AntiVirus installations. Authentication is not required to exploit this vulnerability. This specific flaw exists within libclamav/upx.c during the unpacking of executable files compressed with UPX. Due to an invalid size calculation during a data copy from the user-controlled file to heap allocated memory, an exploitable memory corruption condition is created. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041325.html http://secunia.com/advisories/18379 http://secunia.com/advisories/18453 http://secunia.com/advisories/18463 http://secunia.com/advisories/18478 http://secunia.com/advisories/18548 http://securityreason.com/securityalert/342 http://securitytracker.com/id?1015457 http://www.clamav.net/doc/0.88/ChangeLog http://www.debian.org/security/2006/dsa-947 http://www.gentoo.org/security/en/glsa/glsa-200601-0 •
CVSS: 10.0EPSS: 0%CPEs: 33EXPL: 0CVE-2005-3587
https://notcve.org/view.php?id=CVE-2005-3587
Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors. • http://sourceforge.net/project/shownotes.php?release_id=368319 http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:205 •
CVSS: 5.0EPSS: 42%CPEs: 33EXPL: 0CVE-2005-3500
https://notcve.org/view.php?id=CVE-2005-3500
The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block. • http://secunia.com/advisories/17184 http://secunia.com/advisories/17434 http://secunia.com/advisories/17451 http://secunia.com/advisories/17501 http://secunia.com/advisories/17559 http://securityreason.com/securityalert/152 http://securitytracker.com/id?1015154 http://sourceforge.net/project/shownotes.php?release_id=368319 http://www.debian.org/security/2005/dsa-887 http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml http://www.idefense.com/application/poi/display?id=333 •
CVSS: 4.3EPSS: 1%CPEs: 58EXPL: 1CVE-2005-3501
https://notcve.org/view.php?id=CVE-2005-3501
The cabd_find function in cabd.c of the libmspack library (mspack) for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop) via a crafted CAB file that causes cabd_find to be called with a zero length. • http://secunia.com/advisories/17184 http://secunia.com/advisories/17434 http://secunia.com/advisories/17451 http://secunia.com/advisories/17501 http://secunia.com/advisories/17559 http://securityreason.com/securityalert/150 http://securitytracker.com/id?1015154 http://sourceforge.net/project/shownotes.php?release_id=368319 http://www.debian.org/security/2005/dsa-887 http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml http://www.idefense.com/application/poi/display?id=334 • CWE-399: Resource Management Errors •