VulnerableCode Package Details - pkg:alpm/archlinux/clamav@0.99.4-1

Search for packages

Vulnerability	Summary	Fixed by
This package is not known to be affected by vulnerabilities.

Vulnerability

Summary

Fixed by

This package is not known to be affected by vulnerabilities.

Vulnerability	Summary	Aliases
VCID-8pm8-hj6d-aaaq	The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.	CVE-2017-11423
VCID-pkqq-11ut-aaak	ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This vulnerability appears to have been fixed in after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6.	CVE-2018-1000085
VCID-q3fd-q3r3-aaas	mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.	CVE-2017-6419
VCID-uk9v-27md-aaaj	clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause an out-of-bounds read when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition. This concerns pdf_parse_array and pdf_parse_string in libclamav/pdfng.c. Cisco Bug IDs: CSCvh91380, CSCvh91400.	CVE-2018-0202
VCID-z9ce-vj34-aaas	A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the "DestPos" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].	CVE-2012-6706

Vulnerability

Summary

Aliases

VCID-8pm8-hj6d-aaaq

The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.

CVE-2017-11423

VCID-pkqq-11ut-aaak

ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit chains.. This attack appear to be exploitable via The victim must scan a crafted XAR file. This vulnerability appears to have been fixed in after commit d96a6b8bcc7439fa7e3876207aa0a8e79c8451b6.

CVE-2018-1000085

VCID-q3fd-q3r3-aaas

mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file.

CVE-2017-6419

VCID-uk9v-27md-aaaj

clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to improper input validation checking mechanisms when handling Portable Document Format (.pdf) files sent to an affected device. An unauthenticated, remote attacker could exploit this vulnerability by sending a crafted .pdf file to an affected device. This action could cause an out-of-bounds read when ClamAV scans the malicious file, allowing the attacker to cause a DoS condition. This concerns pdf_parse_array and pdf_parse_string in libclamav/pdfng.c. Cisco Bug IDs: CSCvh91380, CSCvh91400.

CVE-2018-0202

VCID-z9ce-vj34-aaas

A VMSF_DELTA memory corruption was discovered in unrar before 5.5.5, as used in Sophos Anti-Virus Threat Detection Engine before 3.37.2 and other products, that can lead to arbitrary code execution. An integer overflow can be caused in DataSize+CurChannel. The result is a negative value of the "DestPos" variable, which allows the attacker to write out of bounds when setting Mem[DestPos].

CVE-2012-6706

Date	Actor	Action	Vulnerability	Source	VulnerableCode Version
2025-03-28T07:44:36.994930+00:00	Arch Linux Importer	Fixing	VCID-z9ce-vj34-aaas	https://security.archlinux.org/AVG-602	36.0.0
2025-03-28T07:44:36.963922+00:00	Arch Linux Importer	Fixing	VCID-8pm8-hj6d-aaaq	https://security.archlinux.org/AVG-602	36.0.0
2025-03-28T07:44:36.932152+00:00	Arch Linux Importer	Fixing	VCID-q3fd-q3r3-aaas	https://security.archlinux.org/AVG-602	36.0.0
2025-03-28T07:44:36.898133+00:00	Arch Linux Importer	Fixing	VCID-uk9v-27md-aaaj	https://security.archlinux.org/AVG-602	36.0.0
2025-03-28T07:44:36.875546+00:00	Arch Linux Importer	Fixing	VCID-pkqq-11ut-aaak	https://security.archlinux.org/AVG-602	36.0.0
2024-09-18T01:59:41.005771+00:00	Arch Linux Importer	Fixing	VCID-z9ce-vj34-aaas	https://security.archlinux.org/AVG-602	34.0.1
2024-09-18T01:59:40.977845+00:00	Arch Linux Importer	Fixing	VCID-8pm8-hj6d-aaaq	https://security.archlinux.org/AVG-602	34.0.1
2024-09-18T01:59:40.951423+00:00	Arch Linux Importer	Fixing	VCID-q3fd-q3r3-aaas	https://security.archlinux.org/AVG-602	34.0.1
2024-09-18T01:59:40.923684+00:00	Arch Linux Importer	Fixing	VCID-uk9v-27md-aaaj	https://security.archlinux.org/AVG-602	34.0.1
2024-09-18T01:59:40.897847+00:00	Arch Linux Importer	Fixing	VCID-pkqq-11ut-aaak	https://security.archlinux.org/AVG-602	34.0.1
2024-01-03T22:25:56.783081+00:00	Arch Linux Importer	Fixing	VCID-z9ce-vj34-aaas	https://security.archlinux.org/AVG-602	34.0.0rc1
2024-01-03T22:25:56.755207+00:00	Arch Linux Importer	Fixing	VCID-8pm8-hj6d-aaaq	https://security.archlinux.org/AVG-602	34.0.0rc1
2024-01-03T22:25:56.728848+00:00	Arch Linux Importer	Fixing	VCID-q3fd-q3r3-aaas	https://security.archlinux.org/AVG-602	34.0.0rc1
2024-01-03T22:25:56.702826+00:00	Arch Linux Importer	Fixing	VCID-uk9v-27md-aaaj	https://security.archlinux.org/AVG-602	34.0.0rc1
2024-01-03T22:25:56.678950+00:00	Arch Linux Importer	Fixing	VCID-pkqq-11ut-aaak	https://security.archlinux.org/AVG-602	34.0.0rc1

2025-03-28T07:44:36.994930+00:00

Arch Linux Importer

Fixing