CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 1CVE-2019-15961 – Clam AntiVirus (ClamAV) Software Email Parsing Vulnerability
https://notcve.org/view.php?id=CVE-2019-15961
21 Nov 2019 — A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the C... • https://bugzilla.clamav.net/show_bug.cgi?id=12380 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2007-0899
https://notcve.org/view.php?id=CVE-2007-0899
06 Nov 2019 — There is a possible heap overflow in libclamav/fsg.c before 0.100.0. Existe un posible desbordamiento de la pila en el archivo libclamav/fsg.c versiones anteriores a la versión 0.100.0. • https://security-tracker.debian.org/tracker/CVE-2007-0899 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12625 – ClamAV Zip Bomb Vulnerability
https://notcve.org/view.php?id=CVE-2019-12625
21 Aug 2019 — ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. Las versiones anteriores a la versión 0.101.3 de ClamAV son susceptibles a una vulnerabilidad de bomba zip donde un atacante no autenticado puede causar una condición de denegación de servicio mediante el envío de mensajes especialmente diseñados en un sistema afectado. It was discovered that ClamAV incorrect... • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html • CWE-400: Uncontrolled Resource Consumption CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-1789 – ClamAV Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1789
27 Mar 2019 — ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. An out-of-bounds heap read condition may occur when scanning PE files. An example is Windows EXE and DLL files that have been packed using Aspack as a result of inadequate bound-checking. Las versiones anteriores a la versión 0.101.2 de ClamAV, son susceptibles a una vulnerabilidad de denegación de servicio (DoS). Una condición de lectura de la pila fuera de límites puede presentarse al escanear archivos PE. • https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2019-1787 – Clam AntiVirus PDF Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1787
27 Mar 2019 — A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A succ... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00062.html • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 7.5EPSS: 5%CPEs: 4EXPL: 1CVE-2019-1788 – ClamAV OLE2 File Out-Of-Bounds Write Vulnerability
https://notcve.org/view.php?id=CVE-2019-1788
27 Mar 2019 — A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for OLE2 files sent an affected device. An attacker could exploit this vulnerability by sending malformed OLE2 files to the device running an affected version ClamAV So... • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00062.html • CWE-20: Improper Input Validation CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2019-1798 – Clam AntiVirus PE File Out-of-Bounds Read Vulnerability
https://notcve.org/view.php?id=CVE-2019-1798
27 Mar 2019 — A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a lack of proper input and validation checking mechanisms for PE files sent an affected device. An attacker could exploit this vulnerability by sending malformed PE files to the device running an affected version ClamAV Software. An ex... • https://bugzilla.clamav.net/show_bug.cgi?id=12262 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-15378 – Clam AntiVirus unmew11() Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2018-15378
11 Oct 2018 — A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. The vulnerability is due to an error related to the MEW unpacker within the "unmew11()" function (libclamav/mew.c), which can be exploited to trigger an invalid read memory access via a specially crafted EXE file. Una vulnerabilidad en las versiones anteriores a la 0.100.2 de ClamAV podría permitir que un atacante provoque una condición de denegación de servicio (DoS). La vulnerabilidad ... • https://bugzilla.clamav.net/show_bug.cgi?id=12170 • CWE-125: Out-of-bounds Read •
CVSS: 4.3EPSS: 0%CPEs: 2EXPL: 0CVE-2018-0361 – Gentoo Linux Security Advisory 201904-12
https://notcve.org/view.php?id=CVE-2018-0361
09 Jul 2018 — ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file. ClamAV en versiones anteriores a la 0.100.1 carece de una comprobación de longitud de objeto, lo que resulta en un tiempo demasiado largo para analizar un archivo relativamente pequeño. USN-3722-1 fixed vulnerabilities in ClamAV. The new package introduced an issue which caused dpkg-reconfigure to enter an infinite loop. This update fixes the problem. • http://www.securitytracker.com/id/1041367 • CWE-20: Improper Input Validation •
CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2018-0360 – Gentoo Linux Security Advisory 201904-12
https://notcve.org/view.php?id=CVE-2018-0360
09 Jul 2018 — ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. This is in parsehwp3_paragraph() in libclamav/hwp.c. ClamAV en versiones anteriores a la 0.100.1 tiene un desbordamiento de enteros HWP con un bucle infinito resultante mediante un archivo Hangul Word Processor manipulado. Esto es en parsehwp3_paragraph() en libclamav/hwp.c. USN-3722-1 fixed vulnerabilities in ClamAV. • http://www.securitytracker.com/id/1041367 • CWE-190: Integer Overflow or Wraparound •