Search for packages
| purl | pkg:deb/debian/clamav@1.4.3%2Bdfsg-1~deb12u2?distro=trixie |
| Next non-vulnerable version | 1.4.4+dfsg-1 |
| Latest non-vulnerable version | 1.4.4+dfsg-1 |
| Risk |
| Vulnerability | Summary | Fixed by |
|---|---|---|
|
VCID-5kba-63mx-hya7
Aliases: CVE-2026-20031 |
A vulnerability in the HTML Cascading Style Sheets (CSS) module of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to improper error handling when splitting UTF-8 strings. An attacker could exploit this vulnerability by submitting a crafted HTML file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the scanning process. |
Affected by 0 other vulnerabilities. |
| Vulnerability | Summary | Aliases |
|---|---|---|
| VCID-1346-uavy-pbdb | Multiple vulnerabilities have been found in ClamAV, the worst of which could result in a Denial of Service condition. |
CVE-2019-1787
|
| VCID-14ba-3s5a-2ff3 | Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location." |
CVE-2006-5295
|
| VCID-1vcc-2zf5-tyd1 | Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message. |
CVE-2005-2450
|
| VCID-2aju-u36p-gug9 | Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. |
CVE-2022-20796
|
| VCID-2r3h-sgxr-ffdz | Multiple vulnerabilities have been reported in Clam AntiVirus. |
CVE-2010-1311
|
| VCID-32nc-x9aw-a3fb | ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system. |
CVE-2019-12625
|
| VCID-3g47-n64z-bqbb | clamav: security fixes in upstream 0.95 (CVE-2008-6680, CVE-2009-1270) |
CVE-2009-1241
|
| VCID-3rrt-vgz7-8bgz | Multiple vulnerabilities have been found in ClamAV, possibly resulting in Denial of Service. |
CVE-2015-2221
|
| VCID-3uwh-y2m1-nugc | Multiple vulnerabilities have been found in ClamAV, the worst of which may allow remote attackers to execute arbitrary code. |
CVE-2018-1000085
|
| VCID-3v58-x48y-jug2 | Multiple vulnerabilities have been discovered in ClamAV allowing for the remote execution of arbitrary code. |
CVE-2007-1745
|
| VCID-4eva-e818-yfgq | libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503. |
CVE-2016-1405
|
| VCID-4nbm-18gn-q7bt | Multiple vulnerabilities have been found in ClamAV, the worst of which could lead to arbitrary code execution. |
CVE-2013-2020
|
| VCID-4z4r-2w8m-r7dz | Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. |
CVE-2023-20032
|
| VCID-4zzn-3akx-qyav | Multiple vulnerabilities in ClamAV may result in a Denial of Service. |
CVE-2008-2713
|
| VCID-568z-e7ep-dbdz | Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. |
CVE-2022-20803
|
| VCID-5hnm-hz17-2bey | Multiple vulnerabilities have been found in ClamAV, the worst of which could result in a Denial of Service condition. |
CVE-2019-15961
|
| VCID-5tr5-pbwa-kyhs | Multiple vulnerabilities have been found in ClamAV, possibly resulting in Denial of Service. |
CVE-2015-1463
|
| VCID-5ye8-ycmx-6qga | Vulnerabilities have been discovered in ClamAV allowing remote execution of arbitrary code and Denial of Service attacks. |
CVE-2007-4560
|
| VCID-63vt-1nc8-6kfc | A vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated, remote attacker to cause a buffer overflow condition, cause a denial of service (DoS) condition, or execute arbitrary code on an affected device. This vulnerability exists because memory buffers are allocated incorrectly when PDF files are processed. An attacker could exploit this vulnerability by submitting a crafted PDF file to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to trigger a buffer overflow, likely resulting in the termination of the ClamAV scanning process and a DoS condition on the affected software. Although unproven, there is also a possibility that an attacker could leverage the buffer overflow to execute arbitrary code with the privileges of the ClamAV process. |
CVE-2025-20260
|
| VCID-6cre-dvhv-tyfb | ClamAV contains two vulnerabilities allowing a Denial of Service. |
CVE-2007-0897
|
| VCID-6vfe-sqh5-33fd | The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Comodo Antivirus 7424, Emsisoft Anti-Malware 5.1.0.1, F-Prot Antivirus 4.6.2.117, F-Secure Anti-Virus 9.0.16160.0, Fortinet Antivirus 4.2.254.0, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, nProtect Anti-Virus 2011-01-17.01, Panda Antivirus 10.0.2.7, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, Sophos Anti-Virus 4.61.0, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. |
CVE-2012-1459
PYSEC-2012-26 |
| VCID-7dcd-v8q9-b3bv | Multiple vulnerabilities have been found in ClamAV, the worst of which could result in a Denial of Service condition. |
CVE-2018-15378
|
| VCID-83fz-ctpv-yuew | ClamAV contains multiple vulnerabilities that could lead to remote execution of arbitrary code or cause an application crash. |
CVE-2006-1615
|
| VCID-89nm-dhhw-rudd | Multiple vulnerabilities have been reported in Clam AntiVirus. |
CVE-2010-1640
|
| VCID-8dsa-zr5u-vya3 | clamav 0.91.2 suffers from a floating point exception when using ScanOLE2. |
CVE-2007-6745
|
| VCID-8j4p-qa4k-g3ee | Multiple vulnerabilities have been found in ClamAV, the worst of which could lead to arbitrary code execution. |
CVE-2013-7088
|
| VCID-8qrk-wpj8-ekfk | ClamAV has many security flaws which make it vulnerable to remote execution of arbitrary code and a Denial of Service. |
CVE-2005-3501
|
| VCID-8s2g-2brb-tfhq | Multiple vulnerabilities have been found in ClamAV, the worst of which could result in a Denial of Service condition. |
CVE-2019-1786
|
| VCID-8vyy-rhvj-9uba | A vulnerability has been discovered in ClamAV, allowing for a Denial of Service. |
CVE-2007-3725
|
| VCID-8y9g-m17c-kyey | ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. |
CVE-2016-1371
|
| VCID-93n4-278h-dydh | Two vulnerabilities in ClamAV may allow for the remote execution of arbitrary code or a Denial of Service. |
CVE-2008-5314
|
| VCID-9yte-e44v-skb7 | ClamAV contains several vulnerabilities leading to a Denial of Service. |
CVE-2007-3023
|
| VCID-9zc3-mqdn-ufd2 | ClamAV is vulnerable to a heap-based buffer overflow potentially allowing remote execution of arbitrary code and a Denial of Service. |
CVE-2006-4182
|
| VCID-a1px-egkx-qkgd | ClamAV has many security flaws which make it vulnerable to remote execution of arbitrary code and a Denial of Service. |
CVE-2005-3500
|
| VCID-a4nz-5cr8-13an | Multiple vulnerabilities have been found in ClamAV, the worst of which could result in a Denial of Service condition. |
CVE-2019-1789
|
| VCID-a759-t1gf-y7b3 | Multiple vulnerabilities were found in Clam AntiVirus, the most severe of which may allow the execution of arbitrary code. |
CVE-2011-3627
|
| VCID-aagg-bbac-rfez | Multiple vulnerabilities have been found in ClamAV, the worst of which may allow remote attackers to execute arbitrary code. |
CVE-2017-6420
|
| VCID-afs1-pn6y-2qej | The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree function. |
CVE-2005-3239
|
| VCID-age6-uz2c-5kb7 | Multiple vulnerabilities have been reported in Clam AntiVirus. |
CVE-2010-1639
|
| VCID-auz9-64vf-7qdp | Two vulnerabilities in ClamAV may allow for the remote execution of arbitrary code or a Denial of Service. |
CVE-2008-5050
|
| VCID-avvd-1gv9-eyb9 | Multiple vulnerabilities have been found in ClamAV, the worst of which may allow remote attackers to execute arbitrary code. |
CVE-2018-0202
|
| VCID-axqc-hqfs-1fg1 | Multiple vulnerabilities in ClamAV may result in the remote execution of arbitrary code. |
CVE-2008-0318
|
| VCID-azhe-cxb8-3kbb | Multiple vulnerabilities were found in Clam AntiVirus, the most severe of which may allow the execution of arbitrary code. |
CVE-2010-0405
|
| VCID-b43h-aewb-hqfh | Multiple vulnerabilities have been discovered in ClamAV allowing remote execution of arbitrary code and Denial of Service attacks. |
CVE-2007-6337
|
| VCID-b8av-4cra-33em | The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. |
CVE-2012-1457
PYSEC-2012-25 |
| VCID-bcbq-sbmz-ayd1 | Multiple vulnerabilities have been found in ClamAV, possibly resulting in Denial of Service. |
CVE-2014-9328
|
| VCID-beus-rm7h-3qga | clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. |
CVE-2013-6497
|
| VCID-bjvz-w7s1-zfbj | ClamAV has many security flaws which make it vulnerable to remote execution of arbitrary code and a Denial of Service. |
CVE-2005-3587
|
| VCID-c9ze-8411-kfb7 | Multiple vulnerabilities were found in Clam AntiVirus, the most severe of which may allow the execution of arbitrary code. |
CVE-2010-3434
|
| VCID-cc9p-w184-zfej | Multiple vulnerabilities have been found in ClamAV, the worst of which could result in a Denial of Service condition. |
CVE-2020-3327
|
| VCID-ccdb-7g4p-bugy | Multiple vulnerabilities in ClamAV may result in the remote execution of arbitrary code. |
CVE-2008-1100
|
| VCID-cexz-mrrc-v3gp | Multiple vulnerabilities have been found in ClamAV, the worst of which could lead to arbitrary code execution. |
CVE-2013-2021
|
| VCID-cysq-fdzg-13dd | ClamAV versions prior to 0.103.0-rc contain a vulnerability in function name processing through the ClamBC bytecode interpreter that allows attackers to manipulate bytecode function names. Attackers can exploit the weak input validation in function name encoding to potentially execute malicious bytecode or cause unexpected behavior in the ClamAV engine. |
CVE-2020-37167
|
| VCID-d3u3-epeb-guh9 | Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. |
CVE-2023-20052
|
| VCID-d456-cjy8-d7bs | ClamAV 0.80 and earlier allows remote attackers to cause a denial of service (clamd daemon crash) via a ZIP file with malformed headers. |
CVE-2005-0133
|
| VCID-dfvv-cqbj-mubr | Multiple vulnerabilities have been found in ClamAV, possibly resulting in Denial of Service. |
CVE-2015-2222
|
| VCID-dn26-zfsc-ryec | Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. |
CVE-2022-20785
|
| VCID-e3qs-51ap-nkbz | Multiple vulnerabilities were found in Clam AntiVirus, the most severe of which may allow the execution of arbitrary code. |
CVE-2011-2721
|
| VCID-edx7-wgfh-cuaq | ClamAV contains several vulnerabilities leading to a Denial of Service. |
CVE-2007-3122
|
| VCID-eek7-jgkz-akdh | ClamAV is vulnerable to a heap-based buffer overflow resulting in a Denial of Service and potentially remote execution of arbitrary code. |
CVE-2006-4018
|
| VCID-egd5-p68y-wfdy | A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper buffer size tracking that may result in a heap buffer over-read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition. |
CVE-2021-1404
|
| VCID-emwr-t3hg-xqdx | Multiple vulnerabilities in ClamAV may result in a Denial of Service. |
CVE-2008-3215
|
| VCID-et1s-49mc-v7ej | Multiple vulnerabilities have been discovered in ClamAV allowing remote execution of arbitrary code and Denial of Service attacks. |
CVE-2007-6336
|
| VCID-f2br-quyp-v3ax | The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function. |
CVE-2005-1922
|
| VCID-f4wy-kf5n-5bhv | Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a "MAIL FROM" command. |
CVE-2003-0946
|
| VCID-f8wt-f14e-s7d6 | Multiple vulnerabilities in ClamAV may result in a Denial of Service. |
CVE-2008-3913
|
| VCID-fbpv-4xce-tqa1 | ClamAV contains two vulnerabilities allowing a Denial of Service. |
CVE-2007-0898
|
| VCID-fg72-nbqy-mqgs | freshclam in ClamAV in Apple Mac OS X 10.5.8 with Security Update 2009-005 has an incorrect launchd.plist ProgramArguments key and consequently does not run, which might allow remote attackers to introduce viruses into the system. |
CVE-2010-0058
|
| VCID-fmz4-958p-xqe6 | Multiple vulnerabilities were found in Clam AntiVirus, the most severe of which may allow the execution of arbitrary code. |
CVE-2010-4479
|
| VCID-fp31-7krz-abbs | Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. |
CVE-2022-20770
|
| VCID-fsn5-241x-f7b2 | Multiple vulnerabilities in ClamAV allow for the remote execution of arbitrary code or Denial of Service. |
CVE-2009-1372
|
| VCID-fvmm-4zme-a3at | File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file. |
CVE-2007-2029
|
| VCID-fw2y-5rmc-uyd2 | Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable. |
CVE-2005-2920
|
| VCID-gfff-zanp-aqb9 | ClamAV is vulnerable to Denial of Service. |
CVE-2006-6481
|
| VCID-gg41-q6x3-bbbw | Multiple vulnerabilities have been found in ClamAV, possibly resulting in Denial of Service. |
CVE-2015-2668
|
| VCID-ggz7-h35v-p7ep | Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution. |
CVE-2024-20505
|
| VCID-guz8-mfzu-uuc9 | Multiple vulnerabilities have been found in ClamAV, the worst of which may allow remote attackers to execute arbitrary code. |
CVE-2017-6419
|
| VCID-h46v-x33x-t3ep | Multiple vulnerabilities have been found in ClamAV, the worst of which could result in a Denial of Service condition. |
CVE-2018-0360
|
| VCID-h776-h6y3-ufcu | Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file. |
CVE-2006-6406
|
| VCID-hch1-2kkj-qubf | clamav does not recognize Base64-UUEncoded files |
CVE-2007-6596
|
| VCID-hk1f-z2vm-dfeq | Multiple vulnerabilities were found in Clam AntiVirus, the most severe of which may allow the execution of arbitrary code. |
CVE-2011-1003
|
| VCID-j2gt-uvam-hufk | Multiple vulnerabilities have been found in ClamAV, the worst of which may allow execution of arbitrary code. |
CVE-2017-12377
|
| VCID-j4gm-njhq-6ygk | Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference. |
CVE-2006-5874
|
| VCID-j6w1-zy8u-sbc1 | Multiple vulnerabilities in ClamAV allow for the remote execution of arbitrary code or Denial of Service. |
CVE-2008-6680
|
| VCID-jcfy-dyqj-h3aw | A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . |
CVE-2025-20234
|
| VCID-jdn6-r2vx-6fbh | Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions. |
CVE-2007-3025
|
| VCID-jn71-tnyw-cqdu | The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file. |
CVE-2008-6845
|
| VCID-k4w5-5g16-x3b2 | Multiple vulnerabilities in ClamAV may result in the remote execution of arbitrary code. |
CVE-2008-1835
|
| VCID-k8az-72sh-cuer | ClamAV contains several vulnerabilities leading to a Denial of Service. |
CVE-2007-2650
|
| VCID-kh69-m841-jbbk | There is a possible heap overflow in libclamav/fsg.c before 0.100.0. |
CVE-2007-0899
|
| VCID-ku97-h544-fua1 | Multiple vulnerabilities have been discovered in ClamAV allowing for the remote execution of arbitrary code. |
CVE-2007-1997
|
| VCID-kurn-1uay-qqap | Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. |
CVE-2022-20792
|
| VCID-m5un-q736-5khr | Multiple vulnerabilities were found in Clam AntiVirus, the most severe of which may allow the execution of arbitrary code. |
CVE-2010-4260
|
| VCID-mdfk-5ked-t3bu | Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution. |
CVE-2023-20197
|
| VCID-mu6w-nub4-z3ef | Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. |
CVE-2022-20698
|
| VCID-mufb-kvfq-mubz | Multiple vulnerabilities have been found in ClamAV, the worst of which could result in a Denial of Service condition. |
CVE-2019-1785
|
| VCID-n51n-m2r7-kbdy | bzip2: bzip2: Data integrity error when decompressing (with data integrity tests fail). |
CVE-2019-12900
|
| VCID-new8-u5x9-nkeb | A vulnerability in ClamAV could lead to a Denial of Service condition. |
CVE-2021-1405
|
| VCID-nr6r-rxtg-h3d1 | With a specific configuration (using %f in the VirusEvent parameter), Clam AntiVirus is vulnerable to an attack allowing execution of arbitrary commands. |
CVE-2004-1876
|
| VCID-ntvt-zdsj-1fgt | Multiple vulnerabilities have been found in ClamAV, the worst of which may allow remote attackers to execute arbitrary code. |
CVE-2017-6418
|
| VCID-nu3x-4yc8-ufg6 | Multiple vulnerabilities have been found in ClamAV, the worst of which could result in a Denial of Service condition. |
CVE-2018-0361
|
| VCID-p14n-mfwj-vufs | Multiple vulnerabilities in ClamAV may result in the remote execution of arbitrary code. |
CVE-2008-1836
|
| VCID-p21f-gaf4-3bcw | Multiple vulnerabilities in ClamAV may result in the remote execution of arbitrary code. |
CVE-2008-0314
|
| VCID-p4qp-2b79-akhw | Multiple vulnerabilities in ClamAV may result in the remote execution of arbitrary code. |
CVE-2008-0728
|
| VCID-p5hg-2rdb-z3hq | Multiple vulnerabilities have been found in ClamAV, the worst of which could result in a Denial of Service condition. |
CVE-2019-1788
|
| VCID-p5qn-njcb-1fdr | Multiple vulnerabilities have been found in ClamAV, possibly resulting in Denial of Service. |
CVE-2015-1461
|
| VCID-pmub-shqe-ubbt | The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file. |
CVE-2005-3303
|
| VCID-pty8-xunq-huf3 | Multiple vulnerabilities in ClamAV may result in a Denial of Service. |
CVE-2008-3914
|
| VCID-pwm2-bk7k-j7cm | Multiple vulnerabilities have been found in ClamAV, possibly resulting in Denial of Service. |
CVE-2015-1462
|
| VCID-pxt8-5rha-kkf8 | ClamAV contains multiple vulnerabilities that could lead to remote execution of arbitrary code or cause an application crash. |
CVE-2006-1630
|
| VCID-pzw9-7mr3-kugx | A vulnerability in Clam AntiVirus can lead to a Denial of Service condition. |
CVE-2014-9050
|
| VCID-q9rb-p3vk-5uaa | Multiple vulnerabilities in ClamAV may result in a Denial of Service. |
CVE-2007-6595
|
| VCID-qacw-bby8-9kdg | Multiple vulnerabilities have been found in ClamAV, the worst of which could result in a Denial of Service condition. |
CVE-2019-1798
|
| VCID-qc9z-s9xt-1baw | Multiple vulnerabilities in ClamAV allow for the remote execution of arbitrary code or Denial of Service. |
CVE-2009-1270
|
| VCID-qvz2-bk3f-7bch | The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations. |
CVE-2012-1419
|
| VCID-qwwa-mf8k-2fdc | Multiple vulnerabilities have been found in ClamAV, the worst of which may allow execution of arbitrary code. |
CVE-2017-12378
|
| VCID-rdv9-ec51-9qg9 | Multiple vulnerabilities in ClamAV allow for the remote execution of arbitrary code or Denial of Service. |
CVE-2009-1371
|
| VCID-rhj5-gtyt-2ucn | A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software. |
CVE-2024-20380
|
| VCID-s15m-qwrh-bqdq | The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read. |
CVE-2005-1923
|
| VCID-s22j-vmt3-6qaa | ClamAV is vulnerable to a denial of service attack when processing certain RAR archives. |
CVE-2004-1909
|
| VCID-s3kf-5t6w-c7hm | libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program. |
CVE-2004-0270
|
| VCID-sbbh-2bet-gyaz | The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different CHM parser implementations. |
CVE-2012-1458
|
| VCID-seed-bera-73ez | Multiple vulnerabilities have been found in ClamAV, the worst of which may allow execution of arbitrary code. |
CVE-2017-12379
|
| VCID-sq4f-krz1-87fw | Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution. |
CVE-2024-20290
|
| VCID-ssb2-q4q7-hqhh | ClamAV contains several vulnerabilities leading to a Denial of Service. |
CVE-2007-3024
|
| VCID-t74n-k2kq-z3hv | ClamAV is vulnerable to a buffer overflow which may lead to remote execution of arbitrary code. |
CVE-2006-0162
|
| VCID-th8f-btfy-1yg4 | The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used in Sendmail using long timeouts, allows remote attackers to cause a denial of service by keeping an open connection, which prevents ClamAV from reloading. |
CVE-2005-2070
|
| VCID-tj9r-n16b-7uam | ClamAV contains two vulnerabilities that could lead to Denial of Service and evasion of virus scanning. |
CVE-2005-0218
|
| VCID-tpcz-e492-efdk | Multiple vulnerabilities have been reported in Clam AntiVirus. |
CVE-2010-0098
|
| VCID-tzph-y73s-6qb9 | Multiple vulnerabilities have been discovered in ClamAV, the worst of which could result in remote code execution. |
CVE-2022-20771
|
| VCID-tzrt-nka9-67hh | Multiple vulnerabilities were found in Clam AntiVirus, the most severe of which may allow the execution of arbitrary code. |
CVE-2010-4261
|
| VCID-u3pj-kant-effb | Multiple vulnerabilities have been found in ClamAV, the worst of which could result in a Denial of Service condition. |
CVE-2020-3123
|
| VCID-u4q5-6h15-guf2 | Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper. |
CVE-2005-3229
|
| VCID-u4qp-vcnh-c3dd | Multiple vulnerabilities have been found in ClamAV, the worst of which may allow execution of arbitrary code. |
CVE-2017-12374
|
| VCID-umkp-zyee-sqac | ClamAV contains several vulnerabilities leading to a Denial of Service. |
CVE-2007-3123
|
| VCID-uvbv-aeft-jyay | Multiple vulnerabilities in ClamAV may result in the remote execution of arbitrary code. |
CVE-2008-1837
|
| VCID-uzg5-a999-afhp | security update |
CVE-2015-2305
|
| VCID-uzyz-uw16-7ufk | Multiple vulnerabilities have been found in ClamAV, possibly resulting in Denial of Service. |
CVE-2015-2170
|
| VCID-v7xg-3h2f-1yd2 | Multiple vulnerabilities have been found in ClamAV, the worst of which could lead to arbitrary code execution. |
CVE-2013-7087
|
| VCID-vbmy-urt6-myha | A vulnerability in the PDF archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.101 - 0.102.2 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a stack buffer overflow read. An attacker could exploit this vulnerability by sending a crafted PDF file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process crash, resulting in a denial of service condition. |
CVE-2020-3341
|
| VCID-vdeg-psw7-ckej | Clam AntiVirus is vulnerable to a Denial of Service attack when processing certain Quantum archives. |
CVE-2005-2056
|
| VCID-vdhk-r67a-s3fr | A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to an integer underflow in a bounds check that allows for a heap buffer overflow read. An attacker could exploit this vulnerability by submitting a crafted file containing OLE2 content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the . Cisco has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. |
CVE-2025-20128
|
| VCID-vhv6-2yu5-wbb3 | freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file. |
CVE-2006-2427
|
| VCID-vqyc-hxfb-ufav | ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. |
CVE-2016-1372
|
| VCID-vzhw-bgs7-sye3 | Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution. |
CVE-2023-20212
|
| VCID-w94u-kcpw-4ub2 | Freshclam is vulnerable to a buffer overflow that could lead to execution of arbitrary code. |
CVE-2006-1989
|
| VCID-wjvc-p75d-p3a9 | Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution. |
CVE-2024-20506
|
| VCID-x538-vjsv-3ud8 | Multiple vulnerabilities in ClamAV may result in a Denial of Service. |
CVE-2008-1389
|
| VCID-xbuy-fyct-tqcz | Vulnerabilities have been discovered in ClamAV allowing remote execution of arbitrary code and Denial of Service attacks. |
CVE-2007-4510
|
| VCID-xfzw-afgg-fqdc | Multiple vulnerabilities have been found in ClamAV, the worst of which could result in a Denial of Service condition. |
CVE-2020-3481
|
| VCID-xp7y-un7p-rbgp | Multiple vulnerabilities in ClamAV may result in a Denial of Service. |
CVE-2008-3912
|
| VCID-xwgq-w8k4-xbcn | A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to improper error handling that may result in an infinite loop. An attacker could exploit this vulnerability by sending a crafted Excel file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process hang, resulting in a denial of service condition. |
CVE-2021-1252
|
| VCID-xyb8-pe6q-sbby | The Ubuntu clamav-milter.init script in clamav-milter before 0.95.1+dfsg-1ubuntu1.2 in Ubuntu 9.04 sets the ownership of the current working directory to the clamav account, which might allow local users to bypass intended access restrictions via read or write operations involving this directory. |
CVE-2009-1601
|
| VCID-xzye-g5rw-fyh5 | Multiple vulnerabilities have been found in GraphicsMagick, allowing remote attackers to execute arbitrary code or cause a Denial of Service condition. |
CVE-2009-3736
|
| VCID-y1wr-yddc-9kf8 | Multiple vulnerabilities in ClamAV may result in the remote execution of arbitrary code. |
CVE-2008-1387
|
| VCID-y3k7-e14w-xqbn | Multiple vulnerabilities have been found in ClamAV, the worst of which may allow execution of arbitrary code. |
CVE-2017-12375
|
| VCID-y4s3-fzav-27g5 | Multiple vulnerabilities have been discovered in ClamAV allowing remote execution of arbitrary code and Denial of Service attacks. |
CVE-2007-6335
|
| VCID-y5h1-n12a-ebg5 | Multiple vulnerabilities have been found in ClamAV, the worst of which could lead to arbitrary code execution. |
CVE-2013-7089
|
| VCID-y5mg-rpf8-cbe7 | Multiple vulnerabilities have been found in ClamAV, the worst of which may allow remote attackers to execute arbitrary code. |
CVE-2017-11423
|
| VCID-yuub-nqnn-qyg6 | Multiple vulnerabilities have been discovered in ClamAV, the worst of which could lead to arbitrary code execution. |
CVE-2024-20328
|
| VCID-z2zq-jbdg-zke4 | Multiple vulnerabilities in ClamAV may result in the remote execution of arbitrary code. |
CVE-2008-1833
|
| VCID-z7du-zx2w-nubk | ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka "EXE info") at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit. |
CVE-2008-5525
|
| VCID-zbkr-bd4m-77cs | Multiple vulnerabilities have been found in ClamAV, the worst of which may allow execution of arbitrary code. |
CVE-2017-12380
|
| VCID-zd3n-bhwe-xqej | ClamAV contains multiple vulnerabilities that could lead to remote execution of arbitrary code or cause an application crash. |
CVE-2006-1614
|
| VCID-zeub-1qhs-pyfh | Multiple vulnerabilities have been found in ClamAV, the worst of which could result in a Denial of Service condition. |
CVE-2020-3350
|
| VCID-zfuc-jbs7-a7c5 | libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to cause a denial of service (infinite loop) via a crafted FSG packed executable. |
CVE-2005-2919
|
| VCID-zys1-2pnp-h3an | Multiple vulnerabilities have been found in ClamAV, the worst of which may allow execution of arbitrary code. |
CVE-2017-12376
|