CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2015-1462
https://notcve.org/view.php?id=CVE-2015-1462
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition." ClamAV anterior a 0.98.6 permite a atacantes remotos tener un impacto no especificado a través de un fichero de empaquetador upx manipulado, relacionado con una 'condición de memoria dinámica fuera de rango.' • http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148950.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148958.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00020.html http://secunia.com/advisories/62536 http://securitytracker.com/id/1031672 https://security.gentoo.org/glsa/201512-08 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 5.0EPSS: 2%CPEs: 3EXPL: 0CVE-2015-1463
https://notcve.org/view.php?id=CVE-2015-1463
ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization." ClamAV anterior a 0.98.6 permite a atacantes remotos causar una denegación de servicio (caída) a través de un fichero de empaquetador 'petite' (petite packer) manipulado, relacionado con una 'optimización del compilador incorrecta.' • http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148950.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148958.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00020.html https://security.gentoo.org/glsa/201512-08 • CWE-17: DEPRECATED: Code •
CVSS: 7.5EPSS: 1%CPEs: 3EXPL: 0CVE-2014-9328
https://notcve.org/view.php?id=CVE-2014-9328
ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition." ClamAV anterior a 0.98.6 permite a atacantes remotos tener un impacto no especificado a través de un fichero de desempaquetar el empaquetador (upack packer) manipulado, relacionado con una 'condición de memoria dinámica fuera de rango.' • http://blog.clamav.net/2015/01/clamav-0986-has-been-released.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148950.html http://lists.fedoraproject.org/pipermail/package-announce/2015-January/148958.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00014.html http://lists.opensuse.org/opensuse-security-announce/2015-02/msg00020.html http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html http://secunia.com/advisories/62536 http://secunia.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 2.1EPSS: 11%CPEs: 1EXPL: 0CVE-2013-6497
https://notcve.org/view.php?id=CVE-2013-6497
clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. clamscan en ClamAV anterior a 0.98.5, cuando utiliza la opción -a, permite a atacantes remotos causar una denegación de servicio (caída) como fue demostrado por el fichero jwplayer.js. • http://blog.clamav.net/2014/11/clamav-0985-has-been-released.html http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144754.html http://lists.fedoraproject.org/pipermail/package-announce/2014-November/144979.html http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00003.html http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00007.html http://secunia.com/advisories/59645 http://secu • CWE-17: DEPRECATED: Code •
CVSS: 9.8EPSS: 4%CPEs: 6EXPL: 0CVE-2013-7087
https://notcve.org/view.php?id=CVE-2013-7087
ClamAV before 0.97.7 has WWPack corrupt heap memory ClamAV versiones anteriores a la versión 0.97.7, tiene una memoria de la pila corrupta de WWPack. • http://security.gentoo.org/glsa/glsa-201405-08.xml http://www.openwall.com/lists/oss-security/2013/12/13/1 http://www.securityfocus.com/bid/58546 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7087 https://security-tracker.debian.org/tracker/CVE-2013-7087 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •