CVE-2006-1615
https://notcve.org/view.php?id=CVE-2006-1615
Multiple format string vulnerabilities in the logging code in Clam AntiVirus (ClamAV) before 0.88.1 might allow remote attackers to execute arbitrary code. NOTE: as of 20060410, it is unclear whether this is a vulnerability, as there is some evidence that the arguments are actually being sanitized properly. • http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html http://secunia.com/advisories/19534 http://secunia.com/advisories/19536 http://secunia.com/advisories/19564 http://secunia.com/advisories/19567 http://secunia.com/advisories/19570 http://secunia.com/advisories/19608 http://secunia.com/advisories/20077 http://secunia.com/advisories/23719 http://sourceforge.net/project/shownotes.php?release • CWE-134: Use of Externally-Controlled Format String •
CVE-2006-1630
https://notcve.org/view.php?id=CVE-2006-1630
The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access." • http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html http://secunia.com/advisories/19534 http://secunia.com/advisories/19536 http://secunia.com/advisories/19564 http://secunia.com/advisories/19567 http://secunia.com/advisories/19570 http://secunia.com/advisories/19608 http://secunia.com/advisories/20077 http://secunia.com/advisories/23719 http://sourceforge.net/project/shownotes.php?release •
CVE-2006-1614
https://notcve.org/view.php?id=CVE-2006-1614
Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code. • http://lists.apple.com/archives/security-announce/2006/May/msg00003.html http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html http://secunia.com/advisories/19534 http://secunia.com/advisories/19536 http://secunia.com/advisories/19564 http://secunia.com/advisories/19567 http://secunia.com/advisories/19570 http://secunia.com/advisories/19608 http://secunia.com/advisories/20077 http://secunia.com/advisories/23719 http://securitytracker.com/id?1015887 http:// •
CVE-2006-0162 – Clam AntiVirus UPX Unpacking Code Execution Vulnerability
https://notcve.org/view.php?id=CVE-2006-0162
Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files. This vulnerability allows remote attackers to execute arbitrary code on vulnerable Clam AntiVirus installations. Authentication is not required to exploit this vulnerability. This specific flaw exists within libclamav/upx.c during the unpacking of executable files compressed with UPX. Due to an invalid size calculation during a data copy from the user-controlled file to heap allocated memory, an exploitable memory corruption condition is created. • http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041325.html http://secunia.com/advisories/18379 http://secunia.com/advisories/18453 http://secunia.com/advisories/18463 http://secunia.com/advisories/18478 http://secunia.com/advisories/18548 http://securityreason.com/securityalert/342 http://securitytracker.com/id?1015457 http://www.clamav.net/doc/0.88/ChangeLog http://www.debian.org/security/2006/dsa-947 http://www.gentoo.org/security/en/glsa/glsa-200601-0 •
CVE-2005-3587
https://notcve.org/view.php?id=CVE-2005-3587
Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors. • http://sourceforge.net/project/shownotes.php?release_id=368319 http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml http://www.mandriva.com/security/advisories?name=MDKSA-2005:205 •