CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-6419 – Debian Security Advisory 3946-1
https://notcve.org/view.php?id=CVE-2017-6419
07 Aug 2017 — mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. mspack/lzxd.c en libmspack 0.5alpha, como se utiliza en la versión 0.99.2 de ClamAV permite a atacantes remotos causar una denegación de servicio (desbordamiento de búfer basado en memoria dinámica y caída de la aplicación) o posiblemente, tener otro impacto no especificado util... • http://www.debian.org/security/2017/dsa-3946 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-6420 – Gentoo Linux Security Advisory 201804-16
https://notcve.org/view.php?id=CVE-2017-6420
07 Aug 2017 — The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. La función wwunpack en libclamav/wwunpack.c en ClamAV 0.99.2 permite que atacantes remotos provoquen una denegación de servicio (use-after-free) mediante un archivo PE manipulado con compresión WWPack. It was discovered that ClamAV incorrectly handled parsing certain e-mail messages. A remote attacker could possibly use this issue... • https://bugzilla.clamav.net/show_bug.cgi?id=11798 • CWE-416: Use After Free •
CVSS: 5.5EPSS: 2%CPEs: 2EXPL: 0CVE-2017-11423 – Debian Security Advisory 3946-1
https://notcve.org/view.php?id=CVE-2017-11423
18 Jul 2017 — The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. La función cabd_read_string en el archivo mspack/cabd.c en libmspack versión 0.5alpha, tal como se usa en ClamAV versión 0.99.2 y otros productos, permite a los atacantes remotos causar una denegación de servicio (exceso lectura del búfer en la región stack de la mem... • http://www.debian.org/security/2017/dsa-3946 • CWE-125: Out-of-bounds Read •
CVSS: 5.5EPSS: 0%CPEs: 4EXPL: 1CVE-2016-1371 – Ubuntu Security Notice USN-3093-1
https://notcve.org/view.php?id=CVE-2016-1371
29 Sep 2016 — ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. ClamAV (también conocido como Clam AntiVirus) en versiones anteriores a 0.99.2 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un ejecutable mew empaquetado manipulado. It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, r... • http://blog.clamav.net/2016/05/clamav-0992-has-been-released.html • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 4%CPEs: 4EXPL: 1CVE-2016-1372 – Ubuntu Security Notice USN-3093-1
https://notcve.org/view.php?id=CVE-2016-1372
29 Sep 2016 — ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. ClamAV (también conocido como Clam AntiVirus) en versiones anteriores a 0.99.2 permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) a través de un archivo 7z manipulado. It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of servic... • http://blog.clamav.net/2016/05/clamav-0992-has-been-released.html • CWE-284: Improper Access Control •
CVSS: 5.5EPSS: 7%CPEs: 5EXPL: 0CVE-2015-2170 – Ubuntu Security Notice USN-2594-1
https://notcve.org/view.php?id=CVE-2015-2170
04 May 2015 — The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. El decodificador upx en ClamAV anterior a 0.98.7 permite a atacantes remotos causar una denegación de servicio (caída) a través de un fichero manipulado. It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation... • http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 8%CPEs: 5EXPL: 0CVE-2015-2221 – Ubuntu Security Notice USN-2594-1
https://notcve.org/view.php?id=CVE-2015-2221
04 May 2015 — ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. ClamAV anterior a 0.98.7 permite a atacantes remotos causar una denegación de servicio (bucle infinito) a través de un fichero cryptor y0da manipulado. It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation... • http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 7%CPEs: 5EXPL: 0CVE-2015-2222 – Ubuntu Security Notice USN-2594-1
https://notcve.org/view.php?id=CVE-2015-2222
04 May 2015 — ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. ClamAV anterior a 0.98.7 permite a atacantes remotos causar una denegación de servicio (caída) a través de un fichero empaquetado con Petite manipulado. It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default installation, atta... • http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 7%CPEs: 5EXPL: 0CVE-2015-2668 – Ubuntu Security Notice USN-2594-1
https://notcve.org/view.php?id=CVE-2015-2668
04 May 2015 — ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. ClamAV en versiones anteriores a 0.98.7 permite a atacantes remotos provocar una denegación de servicio (bucle infinito) a través de un fichero del archivo xz. It was discovered that ClamAV incorrectly handled certain malformed files. A remote attacker could use this issue to cause ClamAV to crash, resulting in a denial of service, or possibly execute arbitrary code. In the default instal... • http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html • CWE-399: Resource Management Errors •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2015-1461 – Gentoo Linux Security Advisory 201512-08
https://notcve.org/view.php?id=CVE-2015-1461
03 Feb 2015 — ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition." ClamAV anterior a 0.98.6 permite a atacantes remotos tener un impacto no especificado a través de un fichero de empaquetador (1) Yoda's crypter o (2) mew manipulado, relacionado con una 'condición de memoria dinámica fuera de rango.' Multiple vulnerabilities have been found in ClamAV, possibly resulting in Denial of Service. Versions le... • http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •