CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2015-1461 – Gentoo Linux Security Advisory 201512-08
https://notcve.org/view.php?id=CVE-2015-1461
03 Feb 2015 — ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition." ClamAV anterior a 0.98.6 permite a atacantes remotos tener un impacto no especificado a través de un fichero de empaquetador (1) Yoda's crypter o (2) mew manipulado, relacionado con una 'condición de memoria dinámica fuera de rango.' Multiple vulnerabilities have been found in ClamAV, possibly resulting in Denial of Service. Versions le... • http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 1%CPEs: 3EXPL: 0CVE-2015-1462 – Gentoo Linux Security Advisory 201512-08
https://notcve.org/view.php?id=CVE-2015-1462
03 Feb 2015 — ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition." ClamAV anterior a 0.98.6 permite a atacantes remotos tener un impacto no especificado a través de un fichero de empaquetador upx manipulado, relacionado con una 'condición de memoria dinámica fuera de rango.' Multiple vulnerabilities have been found in ClamAV, possibly resulting in Denial of Service. Versions less than 0.98.7 are affected. • http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 1%CPEs: 3EXPL: 0CVE-2015-1463 – Gentoo Linux Security Advisory 201512-08
https://notcve.org/view.php?id=CVE-2015-1463
03 Feb 2015 — ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization." ClamAV anterior a 0.98.6 permite a atacantes remotos causar una denegación de servicio (caída) a través de un fichero de empaquetador 'petite' (petite packer) manipulado, relacionado con una 'optimización del compilador incorrecta.' Multiple vulnerabilities have been found in ClamAV, possibly resulting in Denial of Service. Versions less than 0.... • http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html • CWE-17: DEPRECATED: Code •
CVSS: 7.8EPSS: 6%CPEs: 3EXPL: 0CVE-2014-9328 – Mandriva Linux Security Advisory 2015-042
https://notcve.org/view.php?id=CVE-2014-9328
02 Feb 2015 — ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition." ClamAV anterior a 0.98.6 permite a atacantes remotos tener un impacto no especificado a través de un fichero de desempaquetar el empaquetador (upack packer) manipulado, relacionado con una 'condición de memoria dinámica fuera de rango.' ClamAV 0.98.6 is a maintenance release to fix some bugs, some of them Fix a heap out of bounds condition with crafted Yoda's ... • http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.5EPSS: 5%CPEs: 99EXPL: 1CVE-2014-9050 – Gentoo Linux Security Advisory 201412-05
https://notcve.org/view.php?id=CVE-2014-9050
27 Nov 2014 — Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file. El desbordamiento de búfer en la región heap de la memoria en la función cli_scanpe en el archivo libclamav/pe.c en ClamAV anterior a versión 0.98.5, permite a los atacantes remotos causar una denegación de servicio (bloqueo) por medio de un archivo y0da Crypter PE diseñado. Kurt Seifried discovered that ClamAV incorr... • http://blog.clamav.net/2014/11/clamav-0985-has-been-released.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2013-6497 – Mandriva Linux Security Advisory 2014-217
https://notcve.org/view.php?id=CVE-2013-6497
20 Nov 2014 — clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. clamscan en ClamAV anterior a 0.98.5, cuando utiliza la opción -a, permite a atacantes remotos causar una denegación de servicio (caída) como fue demostrado por el fichero jwplayer.js. Kurt Seifried discovered that ClamAV incorrectly handled certain JavaScript files. An attacker could possibly use this issue to cause ClamAV to crash, resulting in a den... • http://blog.clamav.net/2014/11/clamav-0985-has-been-released.html • CWE-17: DEPRECATED: Code •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2013-7087 – Gentoo Linux Security Advisory 201405-08
https://notcve.org/view.php?id=CVE-2013-7087
19 May 2014 — ClamAV before 0.97.7 has WWPack corrupt heap memory ClamAV versiones anteriores a la versión 0.97.7, tiene una memoria de la pila corrupta de WWPack. Multiple vulnerabilities have been found in ClamAV, the worst of which could lead to arbitrary code execution. Versions less than 0.98 are affected. • http://security.gentoo.org/glsa/glsa-201405-08.xml • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 0%CPEs: 6EXPL: 0CVE-2013-7088 – Gentoo Linux Security Advisory 201405-08
https://notcve.org/view.php?id=CVE-2013-7088
19 May 2014 — ClamAV before 0.97.7 has buffer overflow in the libclamav component ClamAV versiones anteriores a la versión 0.97.7, tiene un desbordamiento de búfer en el componente libclamav. Multiple vulnerabilities have been found in ClamAV, the worst of which could lead to arbitrary code execution. Versions less than 0.98 are affected. • http://security.gentoo.org/glsa/glsa-201405-08.xml • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVSS: 7.5EPSS: 0%CPEs: 6EXPL: 0CVE-2013-7089 – Gentoo Linux Security Advisory 201405-08
https://notcve.org/view.php?id=CVE-2013-7089
19 May 2014 — ClamAV before 0.97.7: dbg_printhex possible information leak ClamAV versiones anteriores a la versión 0.97.7: posible fuga de información de la función dbg_printhex. Multiple vulnerabilities have been found in ClamAV, the worst of which could lead to arbitrary code execution. Versions less than 0.98 are affected. • http://security.gentoo.org/glsa/glsa-201405-08.xml • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 7.5EPSS: 12%CPEs: 60EXPL: 0CVE-2013-2020 – Apple Security Advisory 2013-09-12-1
https://notcve.org/view.php?id=CVE-2013-2020
13 May 2013 — Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read. Desbordamiento de entero en la función cli_scanpe en pe.c en ClamAV anterior a v0.97.8 permite a atacantes remotos provocar una denegación de servicio (caída de la aplicación) a través de un desplazamiento mayor que el tamaño de las secciones PE en ... • http://blog.clamav.net/2013/04/clamav-0978-has-been-released.html • CWE-189: Numeric Errors •