Total
95 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2024-20380 | 1 Clamav | 1 Clamav | 2025-07-23 | N/A | 7.5 HIGH |
| A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to an issue in the C to Rust foreign function interface. An attacker could exploit this vulnerability by submitting a crafted file containing HTML content to be scanned by ClamAV on an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to terminate, resulting in a DoS condition on the affected software. | |||||
| CVE-2024-20328 | 1 Clamav | 1 Clamav | 2025-07-23 | N/A | 5.3 MEDIUM |
| A vulnerability in the VirusEvent feature of ClamAV could allow a local attacker to inject arbitrary commands with the privileges of the application service account.The vulnerability is due to unsafe handling of file names. A local attacker could exploit this vulnerability by supplying a file name containing command-line sequences. When processed on a system using configuration options for the VirusEvent feature, the attacker could cause the application to execute arbitrary commands. ClamAV has released software updates that address this vulnerability. There are no workarounds that address this vulnerability. | |||||
| CVE-2017-6418 | 1 Clamav | 1 Clamav | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. | |||||
| CVE-2017-11423 | 2 Clamav, Libmspack Project | 2 Clamav, Libmspack | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file. | |||||
| CVE-2017-6420 | 1 Clamav | 1 Clamav | 2025-04-20 | 4.3 MEDIUM | 5.5 MEDIUM |
| The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. | |||||
| CVE-2017-6419 | 2 Clamav, Libmspack Project | 2 Clamav, Libmspack | 2025-04-20 | 6.8 MEDIUM | 7.8 HIGH |
| mspack/lzxd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2, allows remote attackers to cause a denial of service (heap-based buffer overflow and application crash) or possibly have unspecified other impact via a crafted CHM file. | |||||
| CVE-2015-2668 | 2 Canonical, Clamav | 2 Ubuntu Linux, Clamav | 2025-04-12 | 5.0 MEDIUM | N/A |
| ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. | |||||
| CVE-2015-2170 | 2 Canonical, Clamav | 2 Ubuntu Linux, Clamav | 2025-04-12 | 5.0 MEDIUM | N/A |
| The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. | |||||
| CVE-2015-1461 | 2 Clamav, Fedoraproject | 2 Clamav, Fedora | 2025-04-12 | 7.5 HIGH | N/A |
| ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition." | |||||
| CVE-2014-9328 | 2 Clamav, Fedoraproject | 2 Clamav, Fedora | 2025-04-12 | 7.5 HIGH | N/A |
| ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition." | |||||
| CVE-2015-1462 | 2 Clamav, Fedoraproject | 2 Clamav, Fedora | 2025-04-12 | 7.5 HIGH | N/A |
| ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition." | |||||
| CVE-2015-2221 | 2 Canonical, Clamav | 2 Ubuntu Linux, Clamav | 2025-04-12 | 5.0 MEDIUM | N/A |
| ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. | |||||
| CVE-2016-1371 | 2 Canonical, Clamav | 2 Ubuntu Linux, Clamav | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. | |||||
| CVE-2014-9050 | 1 Clamav | 1 Clamav | 2025-04-12 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file. | |||||
| CVE-2013-6497 | 1 Clamav | 1 Clamav | 2025-04-12 | 2.1 LOW | N/A |
| clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. | |||||
| CVE-2016-1405 | 2 Cisco, Clamav | 3 Email Security Appliance, Web Security Appliance, Clamav | 2025-04-12 | 5.0 MEDIUM | 7.5 HIGH |
| libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before 9.0.1-135 and 9.1.x before 9.1.1-041, allows remote attackers to cause a denial of service (AMP process restart) via a crafted document, aka Bug IDs CSCuv78533 and CSCuw60503. | |||||
| CVE-2015-2222 | 2 Canonical, Clamav | 2 Ubuntu Linux, Clamav | 2025-04-12 | 5.0 MEDIUM | N/A |
| ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. | |||||
| CVE-2015-1463 | 2 Clamav, Fedoraproject | 2 Clamav, Fedora | 2025-04-12 | 5.0 MEDIUM | N/A |
| ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization." | |||||
| CVE-2016-1372 | 2 Canonical, Clamav | 2 Ubuntu Linux, Clamav | 2025-04-12 | 4.3 MEDIUM | 5.5 MEDIUM |
| ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. | |||||
| CVE-2010-4260 | 1 Clamav | 1 Clamav | 2025-04-11 | 5.0 MEDIUM | N/A |
| Multiple unspecified vulnerabilities in pdf.c in libclamav in ClamAV before 0.96.5 allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document, aka (1) "bb #2358" and (2) "bb #2396." | |||||