Clam Anti-virusCVEs & Vulnerabilities

61 CVEs affecting Clam Anti-virus products, tracked from the National Vulnerability Database, with CVSS/EPSS scores and exploitation status.

Most Affected Products

clamav 934clamxav 1
CVE-2005-2450HIGH

Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message.

3 Aug 2005
7.5
CVSS
CVE-2005-1922MEDIUM

The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function.

5 Jul 2005
5.0
CVSS
CVE-2005-1923LOW

The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.

5 Jul 2005
2.6
CVSS
CVE-2005-2056LOW

The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive.

29 Jun 2005
2.6
CVSS
CVE-2005-1800MEDIUMpoc

Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php.

28 May 2005
4.3
CVSS
CVE-2005-1795HIGH

The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked.

27 May 2005
7.5
CVSS
CVE-2005-1711HIGH

Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected.

24 May 2005
7.5
CVSS
CVE-2005-0133MEDIUM

ClamAV 0.80 and earlier allows remote attackers to cause a denial of service (clamd daemon crash) via a ZIP file with malformed headers.

2 May 2005
5.0
CVSS
CVE-2005-0218MEDIUM

ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL.

2 May 2005
5.0
CVSS
CVE-2004-1909LOW

Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm.

31 Dec 2004
2.6
CVSS
CVE-2004-0270MEDIUMpoc

libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program.

23 Nov 2004
5.0
CVSS
CVE-2004-1876MEDIUM

The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name.

30 Mar 2004
4.6
CVSS
CVE-2003-0946HIGH

Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a "MAIL FROM" command.

15 Dec 2003
7.5
CVSS
← PrevPage 2 / 2Next →