Clam Anti-Virus: >> Clamav >> 0.91rc2 Security Vulnerabilities
Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.
CVSS Score
9.3
EPSS Score
0.207
Published
2008-11-13
ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar.
CVSS Score
5.0
EPSS Score
0.018
Published
2008-04-16
libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.
CVSS Score
5.0
EPSS Score
0.093
Published
2008-04-16