Multiple memory leaks in freshclam/manager.c in ClamAV before 0.94 might allow attackers to cause a denial of service (memory consumption) via unspecified vectors related to “error handling logic”….
CVE Identifier: CVE-2008-3913
Vulnerability Type(s):
Severity: Medium
Multiple unspecified vulnerabilities in ClamAV before 0.94 have unknown impact and attack vectors related to file descriptor leaks on the “error path” in (1) libclamav/others.c and (2) libclamav/sis.c….
CVE Identifier: CVE-2008-3914
Vulnerability Type(s):
Severity: Unknown Severity
libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an “invalid memory access.”…
CVE Identifier: CVE-2008-1389
Vulnerability Type(s):
Severity: Medium
libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access…
CVE Identifier: CVE-2008-3215
Vulnerability Type(s):
Severity: Medium
libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read….
CVE Identifier: CVE-2008-2713
Vulnerability Type(s):
Severity: Medium
ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats….
CVE Identifier: CVE-2008-1387
Vulnerability Type(s):
Severity: Medium
ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar….
CVE Identifier: CVE-2008-1835
Vulnerability Type(s):
Severity: Medium
The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read….
CVE Identifier: CVE-2008-1836
Vulnerability Type(s):
Severity: Medium
libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger “memory problems,” as demonstrated by the PROTOS GENOME test suite for Archive Formats….
CVE Identifier: CVE-2008-1837
Vulnerability Type(s):
Severity: Medium
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value….
CVE Identifier: CVE-2008-0314
Vulnerability Type(s):
Severity: High
