CVSS: 10.0EPSS: 16%CPEs: 2EXPL: 1CVE-2017-12379 – Ubuntu Security Notice USN-3550-2
https://notcve.org/view.php?id=CVE-2017-12379
26 Jan 2018 — ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or potentially execute arbitrary code on an affected device. The vulnerability is due to improper input validation checking mechanisms in the message parsing function on an affected system. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. This action could cause a me... • http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 9%CPEs: 2EXPL: 1CVE-2017-12380 – Ubuntu Security Notice USN-3550-2
https://notcve.org/view.php?id=CVE-2017-12380
26 Jan 2018 — ClamAV AntiVirus software versions 0.99.2 and prior contain a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms in mbox.c during certain mail parsing functions of the ClamAV software. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted email to the affected device. An exploit could trigger a NULL pointer dereferen... • http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html • CWE-476: NULL Pointer Dereference •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6418 – Gentoo Linux Security Advisory 201804-16
https://notcve.org/view.php?id=CVE-2017-6418
07 Aug 2017 — libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. Libclamav/message.c en la versión 0.99.2 de ClamAV permite a atacantes remotos causar una denegación de servicio (lectura fuera de límites) utilizando un mensaje de correo electrónico manipulado. It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue to cause ClamAV to crash, resulting in a den... • http://www.securityfocus.com/bid/100154 • CWE-125: Out-of-bounds Read •
CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6419 – Debian Security Advisory 3946-1
https://notcve.org/view.php?id=CVE-2017-6419
07 Aug 2017 — mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. mspack/lzxd.c en libmspack 0.5alpha, como se utiliza en la versión 0.99.2 de ClamAV permite a atacantes remotos causar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica y caída de la aplicación) o posiblemente, tener otro impacto no especificado util... • http://www.debian.org/security/2017/dsa-3946 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6420 – Gentoo Linux Security Advisory 201804-16
https://notcve.org/view.php?id=CVE-2017-6420
07 Aug 2017 — The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. La función wwunpack en libclamav/wwunpack.c en ClamAV 0.99.2 permite que atacantes remotos provoquen una denegación de servicio (use-after-free) mediante un archivo PE manipulado con compresión WWPack. It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue... • https://bugzilla.clamav.net/show_bug.cgi?id=11798 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 2%CPEs: 2EXPL: 0CVE-2017-11423 – Debian Security Advisory 3946-1
https://notcve.org/view.php?id=CVE-2017-11423
18 Jul 2017 — The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. La función cabd_read_string en el archivo mspack/cabd.c en libmspack versión 0.5alpha, tal como se usa en ClamAV versión 0.99.2 y otros productos, permite a los atacantes remotos causar una denegación de servicio (exceso lectura del búfer en la región stack de la mem... • http://www.debian.org/security/2017/dsa-3946 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2016-1371 – Ubuntu Security Notice USN-3093-1
https://notcve.org/view.php?id=CVE-2016-1371
29 Sep 2016 — ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. ClamAV (también conocido como Clam AntiVirus) en versiones anteriores a 0.99.2 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un ejecutable mew empaquetado manipulado. It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, r... • http://blog.clamav.net/2016/05/clamav-0992-has-been-released.html • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 4%CPEs: 4EXPL: 1CVE-2016-1372 – Ubuntu Security Notice USN-3093-1
https://notcve.org/view.php?id=CVE-2016-1372
29 Sep 2016 — ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. ClamAV (también conocido como Clam AntiVirus) en versiones anteriores a 0.99.2 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo 7z manipulado. It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of servic... • http://blog.clamav.net/2016/05/clamav-0992-has-been-released.html • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 7%CPEs: 5EXPL: 0CVE-2015-2170 – Ubuntu Security Notice USN-2594-1
https://notcve.org/view.php?id=CVE-2015-2170
04 May 2015 — The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. El decodificador upx en ClamAV anterior a 0.98.7 permite a atacantes remotos causar una denegación de servicio (caída) a través de un fichero manipulado. It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation... • http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 8%CPEs: 5EXPL: 0CVE-2015-2221 – Ubuntu Security Notice USN-2594-1
https://notcve.org/view.php?id=CVE-2015-2221
04 May 2015 — ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. ClamAV anterior a 0.98.7 permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de un fichero cryptor y0da manipulado. It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation... • http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html • CWE-399: Resource Management Errors •