Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

clamav clamav 0.88.3 vulnerabilities and exploits

(subscribe to this query)
7.5
CVSSv2
CVE-2006-4018
Heap-based buffer overflow in the pefromupx function in libclamav/upx.c in Clam AntiVirus (ClamAV) 0.81 up to and including 0.88.3 allows remote malicious users to execute arbitrary code via a crafted UPX packed file containing sections with large rsize values.
Clamav Clamav 0.84Clamav Clamav 0.86Clamav Clamav 0.87.1Clamav Clamav 0.81Clamav Clamav 0.85.1Clamav Clamav 0.88.2Clamav Clamav 0.88.3Clamav Clamav 0.82Clamav Clamav 0.83Clamav Clamav 0.86.1Clamav Clamav 0.86.2Clamav Clamav 0.85Clamav Clamav 0.87Clamav Clamav 0.88Clamav Clamav 0.88.1
4.3
CVSSv2
CVE-2010-1639
The cli_pdf function in libclamav/pdf.c in ClamAV prior to 0.96.1 allows remote malicious users to cause a denial of service (crash) via a malformed PDF file, related to an inconsistency in the calculated stream length and the real stream length.
Clamav Clamav 0.95.2Clamav Clamav 0.86.2Clamav Clamav 0.88.5Clamav Clamav 0.02Clamav Clamav 0.92Clamav Clamav 0.95Clamav Clamav 0.15Clamav Clamav 0.90Clamav Clamav 0.75.1Clamav Clamav 0.65Clamav Clamav 0.88.7Clamav Clamav 0.81Clamav Clamav 0.86Clamav Clamav 0.01Clamav Clamav 0.85Clamav Clamav 0.84Clamav Clamav 0.3Clamav Clamav 0.93.1Clamav Clamav 0.95.1Clamav Clamav 0.93Clamav Clamav 0.70Clamav Clamav 0.68.1
5
CVSSv2
CVE-2008-6845
The unpack feature in ClamAV 0.93.3 and previous versions allows remote malicious users to cause a denial of service (segmentation fault) via a corrupted LZH file.
Clamav Clamav 0.93.2Clamav Clamav 0.88.1Clamav Clamav 0.88.2Clamav Clamav 0.88.7 P1Clamav Clamav 0.90.3 P0Clamav Clamav 0.90.3 P1Clamav Clamav 0.90.2 P0Clamav Clamav 0.92.1Clamav Clamav 0.65Clamav Clamav 0.93.1Clamav Clamav 0.71Clamav Clamav 0.83Clamav Clamav 0.84Clamav Clamav 0.05Clamav Clamav 0.03Clamav Clamav 0.14Clamav Clamav 0.12Clamav Clamav 0.24Clamav Clamav 0.90.1Clamav Clamav 0.67-1Clamav Clamav 0.80Clamav Clamav 0.87
10
CVSSv2
CVE-2008-0728
The unmew11 function in libclamav/mew.c in libclamav in ClamAV prior to 0.92.1 has unknown impact and attack vectors that trigger "heap corruption."
Clamav Clamav 0.66Clamav Clamav 0.67-1Clamav Clamav 0.80Clamav Clamav 0.90Clamav Clamav 0.88Clamav Clamav 0.87.1Clamav Clamav 0.88.7 P0Clamav Clamav 0.88.7Clamav Clamav 0.90.3 P1Clamav Clamav 0.90.2 P0Clamav Clamav 0.90.3Clamav Clamav 0.68Clamav Clamav 0.67Clamav Clamav 0.75.1Clamav Clamav 0.75Clamav Clamav 0.85.1Clamav Clamav 0.86Clamav Clamav 0.01Clamav Clamav 0.21Clamav Clamav 0.54Clamav Clamav 0.60Clamav Clamav 0.81
5
CVSSv2
CVE-2014-9050
Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV prior to 0.98.5 allows remote malicious users to cause a denial of service (crash) via a crafted y0da Crypter PE file.
Clamav ClamavClamav Clamav 0.93Clamav Clamav 0.92 P0Clamav Clamav 0.91Clamav Clamav 0.90Clamav Clamav 0.88.7Clamav Clamav 0.88.6Clamav Clamav 0.87.1Clamav Clamav 0.87Clamav Clamav 0.84Clamav Clamav 0.80Clamav Clamav 0.74Clamav Clamav 0.73Clamav Clamav 0.72Clamav Clamav 0.67Clamav Clamav 0.66Clamav Clamav 0.51Clamav Clamav 0.3Clamav Clamav 0.14Clamav Clamav 0.13Clamav Clamav 0.93.2Clamav Clamav 0.93.1
9.3
CVSSv2
CVE-2010-3434
Buffer overflow in the find_stream_bounds function in pdf.c in libclamav in ClamAV prior to 0.96.3 allows remote malicious users to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted PDF document. NOTE: some of these details are obtaine...
Clamav Clamav 0.95.2Clamav Clamav 0.86.2Clamav Clamav 0.88.5Clamav Clamav 0.02Clamav Clamav 0.92Clamav Clamav 0.95Clamav Clamav 0.15Clamav Clamav 0.90Clamav Clamav 0.75.1Clamav Clamav 0.65Clamav Clamav 0.88.7Clamav Clamav 0.81Clamav Clamav 0.86Clamav Clamav 0.01Clamav Clamav 0.92 P0Clamav Clamav 0.85Clamav Clamav 0.84Clamav Clamav 0.3Clamav Clamav 0.91.2 P0Clamav Clamav 0.93.1Clamav Clamav 0.95.1Clamav Clamav 0.93
5
CVSSv2
CVE-2010-1311
The qtm_decompress function in libclamav/mspack.c in ClamAV prior to 0.96 allows remote malicious users to cause a denial of service (memory corruption and application crash) via a crafted CAB archive that uses the Quantum (aka .Q) compression format. NOTE: some of these details ...
Clamav Clamav 0.95.2Clamav Clamav 0.86.2Clamav Clamav 0.88.5Clamav Clamav 0.02Clamav Clamav 0.92Clamav Clamav 0.95Clamav Clamav 0.15Clamav Clamav 0.90Clamav Clamav 0.75.1Clamav Clamav 0.65Clamav Clamav 0.88.7Clamav Clamav 0.81Clamav Clamav 0.86Clamav Clamav 0.01Clamav Clamav 0.85Clamav Clamav 0.84Clamav Clamav 0.3Clamav Clamav 0.93.1Clamavs Clamav 0.04Clamav Clamav 0.95.1Clamav Clamav 0.93Clamav Clamav 0.70
10
CVSSv2
CVE-2010-0098
ClamAV prior to 0.96 does not properly handle the (1) CAB and (2) 7z file formats, which allows remote malicious users to bypass virus detection via a crafted archive that is compatible with standard archive utilities.
Clamav Clamav 0.95.2Clamav Clamav 0.86.2Clamav Clamav 0.88.5Clamav Clamav 0.02Clamav Clamav 0.92Clamav Clamav 0.95Clamav Clamav 0.15Clamav Clamav 0.90Clamav Clamav 0.75.1Clamav Clamav 0.65Clamav Clamav 0.88.7Clamav Clamav 0.81Clamav Clamav 0.86Clamav Clamav 0.01Clamav Clamav 0.85Clamav Clamav 0.84Clamav Clamav 0.3Clamav Clamav 0.93.1Clamavs Clamav 0.04Clamav Clamav 0.95.1Clamav Clamav 0.93Clamav Clamav 0.70
5
CVSSv2
CVE-2011-2721
Off-by-one error in the cli_hm_scan function in matcher-hash.c in libclamav in ClamAV prior to 0.97.2 allows remote malicious users to cause a denial of service (daemon crash) via an e-mail message that is not properly handled during certain hash calculations.
Clamav Clamav 0.95.2Clamav Clamav 0.86.2Clamav Clamav 0.88.5Clamav Clamav 0.02Clamav Clamav 0.92Clamav Clamav 0.95Clamav Clamav 0.8Clamav Clamav 0.15Clamav Clamav 0.90Clamav Clamav 0.75.1Clamav Clamav 0.65Clamav Clamav 0.88.7Clamav Clamav 0.81Clamav Clamav 0.86Clamav Clamav 0.01Clamav Clamav 0.92 P0Clamav Clamav 0.97Clamav Clamav 0.85Clamav Clamav 0.84Clamav Clamav 0.3Clamav Clamav 0.91.2 P0Clamav Clamav 0.93.1
6.8
CVSSv2
CVE-2011-1003
Double free vulnerability in the vba_read_project_strings function in vba_extract.c in libclamav in ClamAV prior to 0.97 might allow remote malicious users to execute arbitrary code via crafted Visual Basic for Applications (VBA) data in a Microsoft Office document. NOTE: some of...
Clamav ClamavClamav Clamav 0.95.2Clamav Clamav 0.86.2Clamav Clamav 0.88.5Clamav Clamav 0.02Clamav Clamav 0.92Clamav Clamav 0.95Clamav Clamav 0.8Clamav Clamav 0.15Clamav Clamav 0.90Clamav Clamav 0.75.1Clamav Clamav 0.65Clamav Clamav 0.88.7Clamav Clamav 0.81Clamav Clamav 0.86Clamav Clamav 0.01Clamav Clamav 0.92 P0Clamav Clamav 0.85Clamav Clamav 0.84Clamav Clamav 0.3Clamav Clamav 0.91.2 P0Clamav Clamav 0.93.1
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
blind SQL injectionCVE-2006-4304CVE-2023-26603CVE-2024-28327CVE-2023-50363CVE-2024-21905template injectionCVE-2024-3400cross-site request forgery
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook