Clam Anti-Virus: >> Clamav >> 0.90_rc1.1 Security Vulnerabilities
The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.
CVSS Score
5.0
EPSS Score
0.009
Published
2007-06-07
unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.
CVSS Score
5.0
EPSS Score
0.027
Published
2007-06-07
Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.
CVSS Score
7.5
EPSS Score
0.108
Published
2007-04-16
Page 2