Thinking OPEN

Posts Tagged ‘clamav’

ClamAV 0.93.3 and prior [Medium]

By Security Team • Jul 2nd, 2009 • Category: Security Notifications

The unpack feature in ClamAV 0.93.3 and earlier allows remote attackers to cause a denial of service (segmentation fault) via a corrupted LZH file….

CVE Identifier: CVE-2008-6845
Vulnerability Type(s):
Severity: Medium



ClamAV 0.95 and prior [Medium]

By Security Team • Apr 23rd, 2009 • Category: Security Notifications

The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding….

CVE Identifier: CVE-2009-1371
Vulnerability Type(s):
Severity: Medium



ClamAV 0.95 and prior [Unknown Severity]

By Security Team • Apr 23rd, 2009 • Category: Security Notifications

Stack-based buffer overflow in the cli_url_canon function in libclamav/phishcheck.c in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted URL….

CVE Identifier: CVE-2009-1372
Vulnerability Type(s):
Severity: Unknown Severity



ClamAV 0.94.1 and prior [High]

By Security Team • Apr 8th, 2009 • Category: Security Notifications

libclamav/untar.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (infinite loop) via a crafted TAR file that causes (1) clamd and (2) clamscan to hang….

CVE Identifier: CVE-2009-1270
Vulnerability Type(s):
Severity: High



ClamAV 0.94.2 and prior [Medium]

By Security Team • Apr 8th, 2009 • Category: Security Notifications

libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error….

CVE Identifier: CVE-2008-6680
Vulnerability Type(s):
Severity: Medium



ClamAV 0.91rc2 and prior [High]

By Security Team • Apr 3rd, 2009 • Category: Security Notifications

Unspecified vulnerability in ClamAV before 0.95 allows remote attackers to bypass detection of malware via a modified RAR archive….

CVE Identifier: CVE-2009-1241
Vulnerability Type(s):
Severity: High



ClamAV 7 and prior [High]

By Security Team • Dec 12th, 2008 • Category: Security Notifications

ClamAV 0.94.1 and possibly 0.93.1, when Internet Explorer 6 or 7 is used, allows remote attackers to bypass detection of malware in an HTML document by placing an MZ header (aka “EXE info”) at the beginning, and modifying the filename to have (1) no extension, (2) a .txt extension, or (3) a .jpg extension, as demonstrated by a document containing a CVE-2006-5745 exploit….

CVE Identifier: CVE-2008-5525
Vulnerability Type(s):
Severity: High



ClamAV 0.94.1 and prior [Medium]

By Security Team • Dec 3rd, 2008 • Category: Security Notifications

Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions….

CVE Identifier: CVE-2008-5314
Vulnerability Type(s):
Severity: Medium



ClamAV 0.91rc2 and prior [High]

By Security Team • Nov 12th, 2008 • Category: Security Notifications

Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow….

CVE Identifier: CVE-2008-5050
Vulnerability Type(s):
Severity: High



ClamAV 0.91rc2 and prior [Medium]

By Security Team • Sep 10th, 2008 • Category: Security Notifications

libclamav in ClamAV before 0.94 allows attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to an out-of-memory condition….

CVE Identifier: CVE-2008-3912
Vulnerability Type(s):
Severity: Medium