CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6420 – Gentoo Linux Security Advisory 201804-16
https://notcve.org/view.php?id=CVE-2017-6420
07 Aug 2017 — The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. La función wwunpack en libclamav/wwunpack.c en ClamAV 0.99.2 permite que atacantes remotos provoquen una denegación de servicio (use-after-free) mediante un archivo PE manipulado con compresión WWPack. It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue... • https://bugzilla.clamav.net/show_bug.cgi?id=11798 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 2%CPEs: 2EXPL: 0CVE-2017-11423 – Debian Security Advisory 3946-1
https://notcve.org/view.php?id=CVE-2017-11423
18 Jul 2017 — The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. La función cabd_read_string en el archivo mspack/cabd.c en libmspack versión 0.5alpha, tal como se usa en ClamAV versión 0.99.2 y otros productos, permite a los atacantes remotos causar una denegación de servicio (exceso lectura del búfer en la región stack de la mem... • http://www.debian.org/security/2017/dsa-3946 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2016-1371 – Ubuntu Security Notice USN-3093-1
https://notcve.org/view.php?id=CVE-2016-1371
29 Sep 2016 — ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. ClamAV (también conocido como Clam AntiVirus) en versiones anteriores a 0.99.2 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un ejecutable mew empaquetado manipulado. It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, r... • http://blog.clamav.net/2016/05/clamav-0992-has-been-released.html • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 4%CPEs: 4EXPL: 1CVE-2016-1372 – Ubuntu Security Notice USN-3093-1
https://notcve.org/view.php?id=CVE-2016-1372
29 Sep 2016 — ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. ClamAV (también conocido como Clam AntiVirus) en versiones anteriores a 0.99.2 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo 7z manipulado. It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of servic... • http://blog.clamav.net/2016/05/clamav-0992-has-been-released.html • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 7%CPEs: 5EXPL: 0CVE-2015-2170 – Ubuntu Security Notice USN-2594-1
https://notcve.org/view.php?id=CVE-2015-2170
04 May 2015 — The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. El decodificador upx en ClamAV anterior a 0.98.7 permite a atacantes remotos causar una denegación de servicio (caída) a través de un fichero manipulado. It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation... • http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 8%CPEs: 5EXPL: 0CVE-2015-2221 – Ubuntu Security Notice USN-2594-1
https://notcve.org/view.php?id=CVE-2015-2221
04 May 2015 — ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. ClamAV anterior a 0.98.7 permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de un fichero cryptor y0da manipulado. It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation... • http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 7%CPEs: 5EXPL: 0CVE-2015-2222 – Ubuntu Security Notice USN-2594-1
https://notcve.org/view.php?id=CVE-2015-2222
04 May 2015 — ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. ClamAV anterior a 0.98.7 permite a atacantes remotos causar una denegación de servicio (caída) a través de un fichero empaquetado con Petite manipulado. It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, atta... • http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 7%CPEs: 5EXPL: 0CVE-2015-2668 – Ubuntu Security Notice USN-2594-1
https://notcve.org/view.php?id=CVE-2015-2668
04 May 2015 — ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. ClamAV en versiones anteriores a 0.98.7 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un fichero del archivo xz. It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default instal... • http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2015-1461 – Gentoo Linux Security Advisory 201512-08
https://notcve.org/view.php?id=CVE-2015-1461
03 Feb 2015 — ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition." ClamAV anterior a 0.98.6 permite a atacantes remotos tener un impacto no especificado a través de un fichero de empaquetador (1) Yoda's crypter o (2) mew manipulado, relacionado con una 'condición de memoria dinámica fuera de rango.' Multiple vulnerabilities have been found in ClamAV, possibly resulting in Denial of Service. Versions le... • http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2015-1462 – Gentoo Linux Security Advisory 201512-08
https://notcve.org/view.php?id=CVE-2015-1462
03 Feb 2015 — ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition." ClamAV anterior a 0.98.6 permite a atacantes remotos tener un impacto no especificado a través de un fichero de empaquetador upx manipulado, relacionado con una 'condición de memoria dinámica fuera de rango.' Multiple vulnerabilities have been found in ClamAV, possibly resulting in Denial of Service. Versions less than 0.98.7 are affected. • http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •