Search for packages
| purl | pkg:deb/debian/clamav@0?distro=trixie |
| Vulnerability | Summary | Fixed by |
|---|---|---|
| This package is not known to be affected by vulnerabilities. | ||
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-568z-e7ep-dbdz | Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. |
CVE-2022-20803
|
| VCID-fg72-nbqy-mqgs | freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system. |
CVE-2010-0058
|
| VCID-jcfy-dyqj-h3aw | A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . |
CVE-2025-20234
|
| VCID-jdn6-r2vx-6fbh | Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions. |
CVE-2007-3025
|
| VCID-k4w5-5g16-x3b2 | Multiple vulnerabilities in ClamAV may result in the remote execution of arbitrary code. |
CVE-2008-1835
|
| VCID-p14n-mfwj-vufs | Multiple vulnerabilities in ClamAV may result in the remote execution of arbitrary code. |
CVE-2008-1836
|
| VCID-rhj5-gtyt-2ucn | A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software. |
CVE-2024-20380
|
| VCID-sq4f-krz1-87fw | Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution. |
CVE-2024-20290
|
| VCID-u4q5-6h15-guf2 | Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. |
CVE-2005-3229
|
| VCID-uvbv-aeft-jyay | Multiple vulnerabilities in ClamAV may result in the remote execution of arbitrary code. |
CVE-2008-1837
|
| VCID-vhv6-2yu5-wbb3 | freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file. |
CVE-2006-2427
|
| VCID-vzhw-bgs7-sye3 | Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution. |
CVE-2023-20212
|
| VCID-xyb8-pe6q-sbby | The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory. |
CVE-2009-1601
|
| VCID-yuub-nqnn-qyg6 | Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution. |
CVE-2024-20328
|
| VCID-z7du-zx2w-nubk | ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. |
CVE-2008-5525
|