Published: 21/03/2012 Updated: 18/01/2018

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast! Antivirus 4.8.1351.0 and 5.0.677.0, AVG Anti-Virus 10.0.0.1190, Bitdefender 7.2, Quick Heal (aka Cat QuickHeal) 11.00, ClamAV 0.96.4, Command Antivirus 5.2.11.5, Emsisoft Anti-Malware 5.1.0.1, eSafe 7.0.17.0, F-Prot Antivirus 4.6.2.117, G Data AntiVirus 21, Ikarus Virus Utilities T3 Command Line Scanner 1.1.97.0, Jiangmin Antivirus 13.0.900, K7 AntiVirus 9.77.3565, Kaspersky Anti-Virus 7.0.0.125, McAfee Anti-Virus Scanning Engine 5.400.0.1158, McAfee Gateway (formerly Webwasher) 2010.1C, Antimalware Engine 1.1.6402.0 in Microsoft Security Essentials 2.0, NOD32 Antivirus 5795, Norman Antivirus 6.06.12, PC Tools AntiVirus 7.0.3.5, Rising Antivirus 22.83.00.03, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Trend Micro AntiVirus 9.120.0.1004, Trend Micro HouseCall 9.120.0.1004, VBA32 3.12.14.2, and VirusBuster 13.6.151.0 allows remote malicious users to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size. NOTE: this may later be SPLIT into multiple CVEs if additional information is published showing that the error occurred independently in different TAR parser implementations.

Vulnerable Product	Search on Vulmon	Subscribe to Product
bitdefender bitdefender 7.2
cat quick heal 11.00
ikarus ikarus virus utilities t3 command line scanner 1.1.97.0
jiangmin jiangmin antivirus 13.0.900
pc tools pc tools antivirus 7.0.3.5
rising-global rising antivirus 22.83.00.03
avira antivir 7.11.1.163
clamav clamav 0.96.4
authentium command antivirus 5.2.11.5
k7computing antivirus 9.77.3565
kaspersky kaspersky anti-virus 7.0.0.125
symantec endpoint protection 11.0
trendmicro trend micro antivirus 9.120.0.1004
alwil avast antivirus 5.0.677.0
avg avg anti-virus 10.0.0.1190
f-prot f-prot antivirus 4.6.2.117
gdata-software g data antivirus 21
microsoft security essentials 2.0
eset nod32 antivirus 5795
norman norman antivirus \\& antispyware 6.06.12
virusbuster virusbuster 13.6.151.0
antiy avl sdk 2.0.3.7
alwil avast antivirus 4.8.1351.0
emsisoft anti-malware 5.1.0.1
aladdin esafe 7.0.17.0
mcafee scan engine 5.400.0.1158
mcafee gateway 2010.1c
trendmicro housecall 9.120.0.1004
anti-virus vba32 3.12.14.2

Debian Bug report logs - #668273 Multiple security issues Package: clamav; Maintainer for clamav is ClamAV Team <pkg-clamav-devel@listsaliothdebianorg>; Source for clamav is src:clamav (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Tue, 10 Apr 2012 13:39:01 UTC Severity: i ...

USN-1482-1 introduced a regression in ClamAV that could cause it to fail to scan certain documents ...

ClamAV could improperly detect malware if it opened a specially crafted file ...

CVE-2012-1457

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect