ClamAV: Security Vulnerabilities
A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to a null pointer dereference. An attacker could exploit this vulnerability by sending a crafted EGG file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.
CVSS Score: 7.5; EPSS Score: 0.039; Published: 2020-07-20

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to an out-of-bounds read affecting users that have enabled the optional DLP feature. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to crash, resulting in a denial of service condition.
CVSS Score: 7.5; EPSS Score: 0.049; Published: 2020-02-05

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0, 0.101.4 and prior could allow an unauthenticated, remote attacker to cause a denial of service condition on an affected device. The vulnerability is due to inefficient MIME parsing routines that result in extremely long scan times of specially formatted email files. An attacker could exploit this vulnerability by sending a crafted email file to an affected device. An exploit could allow the attacker to cause the ClamAV scanning process to scan the crafted email file indefinitely, resulting in a denial of service condition.
CVSS Score: 7.5; EPSS Score: 0.02; Published: 2020-01-15

ClamAV before 0.97.7 has a WWPack heap memory corruption issue.
CVSS Score: 9.8; EPSS Score: 0.004; Published: 2019-11-15

ClamAV before 0.97.7 has a buffer overflow in the libclamav component.
CVSS Score: 9.8; EPSS Score: 0.005; Published: 2019-11-15

ClamAV before 0.97.7 has a possible information leak in dbg_printhex.
CVSS Score: 7.5; EPSS Score: 0.004; Published: 2019-11-15

ClamAV 0.91.2 suffers from a floating point exception when using ScanOLE2.
CVSS Score: 9.8; EPSS Score: 0.007; Published: 2019-11-07

There is a possible heap overflow in libclamav/fsg.c before 0.100.0.
CVSS Score: 9.8; EPSS Score: 0.005; Published: 2019-11-06

ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. As a result of inadequate bounds checking, an out-of-bounds heap read condition may occur when scanning PE files, for example Windows EXE and DLL files that have been packed using Aspack.
CVSS Score: 7.5; EPSS Score: 0.024; Published: 2019-11-05

ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected system.
CVSS Score: 7.5; EPSS Score: 0.023; Published: 2019-11-05

