CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 1CVE-2019-15961 – Clam AntiVirus (ClamAV) Software Email Parsing Vulnerability
https://notcve.org/view.php?id=CVE-2019-15961
A vulnerability in the email parsing module Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition. Una vulnerabilidad en el módulo de análisis de correo electrónico de Clam AntiVirus (ClamAV) Software versiones 0.102.0, 0.101.4 y anteriores, podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio en un dispositivo afectado. • https://bugzilla.clamav.net/show_bug.cgi?id=12380 https://lists.debian.org/debian-lts-announce/2020/02/msg00016.html https://quickview.cloudapps.cisco.com/quickview/bug/CSCvr56010 https://security.gentoo.org/glsa/202003-46 https://usn.ubuntu.com/4230-2 • CWE-20: Improper Input Validation CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2007-6745
https://notcve.org/view.php?id=CVE-2007-6745
clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. clamav versión 0.91.2, sufre de una excepción de coma flotante cuando usa ScanOLE2. • http://www.openwall.com/lists/oss-security/2012/03/29/2 https://access.redhat.com/security/cve/cve-2007-6745 https://security-tracker.debian.org/tracker/CVE-2007-6745 •
CVSS: 9.8EPSS: 0%CPEs: 4EXPL: 0CVE-2007-0899
https://notcve.org/view.php?id=CVE-2007-0899
There is a possible heap overflow in libclamav/fsg.c before 0.100.0. Existe un posible desbordamiento de la pila en el archivo libclamav/fsg.c versiones anteriores a la versión 0.100.0. • https://security-tracker.debian.org/tracker/CVE-2007-0899 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2019-12625 – ClamAV Zip Bomb Vulnerability
https://notcve.org/view.php?id=CVE-2019-12625
ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. Las versiones anteriores a la versión 0.101.3 de ClamAV son susceptibles a una vulnerabilidad de bomba zip donde un atacante no autenticado puede causar una condición de denegación de servicio mediante el envío de mensajes especialmente diseñados en un sistema afectado. • http://lists.opensuse.org/opensuse-security-announce/2019-11/msg00078.html http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00000.html https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html • CWE-400: Uncontrolled Resource Consumption CWE-404: Improper Resource Shutdown or Release •
CVSS: 7.5EPSS: 0%CPEs: 4EXPL: 1CVE-2019-1787 – Clam AntiVirus PDF Denial of Service Vulnerability
https://notcve.org/view.php?id=CVE-2019-1787
A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to a lack of proper data handling mechanisms within the device buffer while indexing remaining file data on an affected device. An attacker could exploit this vulnerability by sending crafted PDF files to an affected device. A successful exploit could allow the attacker to cause a heap buffer out-of-bounds read condition, resulting in a crash that could result in a denial of service condition on an affected device. Una vulnerabilidad en la funcionalidad de escaneo del PDF (Portable Document Format) en las versiones de software 0.101.1 y anteriores de Clam AntiVirus (ClamAV), podría permitir a un atacante remoto no autenticado causar una condición de denegación de servicio (DoS) en un dispositivo afectado. • http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00062.html http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00064.html https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=12181 https://lists.debian.org/debian-lts-announce/2019/04/msg00019.html https://security.gentoo.org/glsa/201904-12 • CWE-20: Improper Input Validation CWE-125: Out-of-bounds Read •