Vulnerabilites related to clam_anti-virus - clamav
Vulnerability from fkie_nvd
Published
2005-11-05 11:02
Modified
2024-11-21 00:01
Severity ?
Summary
The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.80 | |
| clam_anti-virus | clamav | 0.81 | |
| clam_anti-virus | clamav | 0.82 | |
| clam_anti-virus | clamav | 0.83 | |
| clam_anti-virus | clamav | 0.84 | |
| clam_anti-virus | clamav | 0.85 | |
| clam_anti-virus | clamav | 0.85.1 | |
| clam_anti-virus | clamav | 0.86 | |
| clam_anti-virus | clamav | 0.86.1 | |
| clam_anti-virus | clamav | 0.86.2 | |
| clam_anti-virus | clamav | 0.87 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "E330A535-A376-4BFF-BB1B-31E83370FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E2884A-615F-4063-8FB7-EC157C3EC07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BC41B7-272F-44BB-BD48-6C9231402526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F1D35-6073-49B0-8DD4-C58AEE2CC83C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause \"memory corruption\" and execute arbitrary code via a crafted FSG 1.33 file."
}
],
"id": "CVE-2005-3303",
"lastModified": "2024-11-21T00:01:34.483",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-05T11:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-11/0041.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17184"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17434"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17448"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17451"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17501"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17559"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/146"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015154"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-887"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/20482"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15318"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2294"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-05-002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-11/0041.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/146"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/20482"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-05-002.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-04-30 22:19
Modified
2024-11-21 00:29
Severity ?
Summary
File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 3.1 | |
| debian | debian_linux | 4.0 | |
| debian | debian_linux | 4.0 | |
| debian | debian_linux | 4.0 | |
| debian | debian_linux | 4.0 | |
| debian | debian_linux | 4.0 | |
| debian | debian_linux | 4.0 | |
| debian | debian_linux | 4.0 | |
| debian | debian_linux | 4.0 | |
| debian | debian_linux | 4.0 | |
| debian | debian_linux | 4.0 | |
| debian | debian_linux | 4.0 | |
| debian | debian_linux | 4.0 | |
| debian | debian_linux | 4.0 | |
| clam_anti-virus | clamav | 0.84_rc2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:alpha:*:*:*:*:*",
"matchCriteriaId": "5BF84240-1881-4EFB-BB2F-F9CE8AD09C7B",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:amd64:*:*:*:*:*",
"matchCriteriaId": "AF8AE8C4-810F-41AB-A251-5A2D4DD6884D",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:arm:*:*:*:*:*",
"matchCriteriaId": "5EACF214-FA27-44FF-A431-927AB79377A1",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:hppa:*:*:*:*:*",
"matchCriteriaId": "E2B58895-0E2A-4466-9CB2-0083349A83B2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-32:*:*:*:*:*",
"matchCriteriaId": "03F8220A-9B1C-40AA-AEAB-F9A93225FBD5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ia-64:*:*:*:*:*",
"matchCriteriaId": "2311919C-7864-469D-B0F6-9B11D8D0A1C3",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:m68k:*:*:*:*:*",
"matchCriteriaId": "19876495-4C1A-487C-955A-C5AA46362A1F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mips:*:*:*:*:*",
"matchCriteriaId": "D75286DD-50BC-4B72-8AC8-E20730124DC2",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:mipsel:*:*:*:*:*",
"matchCriteriaId": "1998C972-497E-4916-B50E-FB32303EEA8E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:ppc:*:*:*:*:*",
"matchCriteriaId": "A6CD3DD9-3A8A-4716-A2D1-136A790AFF94",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:s-390:*:*:*:*:*",
"matchCriteriaId": "6CE2020A-4FB2-4FCD-8561-7BD147CD95EB",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:sparc:*:*:*:*:*",
"matchCriteriaId": "08E90AFA-C262-46D0-B60E-26B67C9602D5",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:alpha:*:*:*:*:*",
"matchCriteriaId": "F5114DA3-FBB9-47C4-857B-3212404DAD4E",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:amd64:*:*:*:*:*",
"matchCriteriaId": "4D5F5A52-285E-4E7E-83B8-508079DBCEAE",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:arm:*:*:*:*:*",
"matchCriteriaId": "674BE2D9-009B-46C5-A071-CB10368B8D48",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:hppa:*:*:*:*:*",
"matchCriteriaId": "703486E5-906B-4BDB-A046-28D4D73E3F03",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-32:*:*:*:*:*",
"matchCriteriaId": "ABB5AC0D-2358-4C8E-99B5-2CE0A678F549",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:ia-64:*:*:*:*:*",
"matchCriteriaId": "38B37184-BA88-44F1-AC9E-8B60C2419111",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:m68k:*:*:*:*:*",
"matchCriteriaId": "0D8C9247-3E18-4DD9-AF5B-B2996C76443F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mips:*:*:*:*:*",
"matchCriteriaId": "0EEA2CDD-7FCD-461E-90FC-CDB3C3992A32",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:mipsel:*:*:*:*:*",
"matchCriteriaId": "D7B877A8-5318-402E-8AE1-753E7419060F",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:powerpc:*:*:*:*:*",
"matchCriteriaId": "A3938420-087D-4D92-A2F8-EAE54D9837EC",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:s-390:*:*:*:*:*",
"matchCriteriaId": "EFB8DE9F-2130-49E9-85EE-6793ED9FBEED",
"vulnerable": false
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:sparc:*:*:*:*:*",
"matchCriteriaId": "10F42CF8-FB98-4AFC-96C5-FD7D442B0FA3",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1ADBDEE-1421-42E5-8DE2-404087613B75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file."
},
{
"lang": "es",
"value": "Una fuga del descriptor de archivos en el manejador PDF en Clam AntiVirus (ClamAV), permite a atacantes remotos causar una denegaci\u00f3n de servicio por medio de un archivo PDF especialmente dise\u00f1ado."
}
],
"id": "CVE-2007-2029",
"lastModified": "2024-11-21T00:29:44.030",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-04-30T22:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/34916"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25028"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25189"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1281"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/23656"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34083"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/34916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/25189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2007/dsa-1281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/23656"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34083"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-11-23 05:00
Modified
2024-11-20 23:48
Severity ?
Summary
libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.65 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program."
},
{
"lang": "es",
"value": "libclamav de Clam AntiVirus 0.65 permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) mediante un mensaje de correo electr\u00f3nico con codificaci\u00f3n uu con una longitud de l\u00ednea inv\u00e1lida (por ejemplo, un car\u00e1cter en min\u00fasculas), lo que causa un error de aserc\u00ed\u00f3n en clamd que termina al programa llamante."
}
],
"id": "CVE-2004-0270",
"lastModified": "2024-11-20T23:48:09.633",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-11-23T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=107634700823822\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200402-07.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.freebsd.org/cgi/query-pr.cgi?pr=62586"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/3894"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9610"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=107634700823822\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200402-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.freebsd.org/cgi/query-pr.cgi?pr=62586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/3894"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/9610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15077"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-24 04:00
Modified
2024-11-20 23:57
Severity ?
Summary
Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.90.2 | |
| gibraltar | gibraltar_firewall | 2.2 | |
| squid | squid | 2.6.stable1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A85C689-95E0-41F7-83D9-5A8B0AB42390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:gibraltar:gibraltar_firewall:2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "79DA242C-9328-484D-A8E8-D185DE475B20",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:squid:squid:2.6.stable1:*:*:*:*:*:*:*",
"matchCriteriaId": "24D590FB-2759-475E-8136-1B15352605EC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected."
}
],
"id": "CVE-2005-1711",
"lastModified": "2024-11-20T23:57:57.470",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-24T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://securitytracker.com/id?1014030"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-11-05 11:02
Modified
2024-11-21 00:02
Severity ?
Summary
The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.15 | |
| clam_anti-virus | clamav | 0.20 | |
| clam_anti-virus | clamav | 0.21 | |
| clam_anti-virus | clamav | 0.22 | |
| clam_anti-virus | clamav | 0.23 | |
| clam_anti-virus | clamav | 0.24 | |
| clam_anti-virus | clamav | 0.51 | |
| clam_anti-virus | clamav | 0.52 | |
| clam_anti-virus | clamav | 0.53 | |
| clam_anti-virus | clamav | 0.54 | |
| clam_anti-virus | clamav | 0.60 | |
| clam_anti-virus | clamav | 0.65 | |
| clam_anti-virus | clamav | 0.67 | |
| clam_anti-virus | clamav | 0.68 | |
| clam_anti-virus | clamav | 0.68.1 | |
| clam_anti-virus | clamav | 0.70 | |
| clam_anti-virus | clamav | 0.71 | |
| clam_anti-virus | clamav | 0.72 | |
| clam_anti-virus | clamav | 0.73 | |
| clam_anti-virus | clamav | 0.74 | |
| clam_anti-virus | clamav | 0.75 | |
| clam_anti-virus | clamav | 0.75.1 | |
| clam_anti-virus | clamav | 0.80 | |
| clam_anti-virus | clamav | 0.81 | |
| clam_anti-virus | clamav | 0.82 | |
| clam_anti-virus | clamav | 0.83 | |
| clam_anti-virus | clamav | 0.84 | |
| clam_anti-virus | clamav | 0.85 | |
| clam_anti-virus | clamav | 0.85.1 | |
| clam_anti-virus | clamav | 0.86 | |
| clam_anti-virus | clamav | 0.86.1 | |
| clam_anti-virus | clamav | 0.86.2 | |
| clam_anti-virus | clamav | 0.87 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9A0FA4-A4AE-4C90-98DA-8AF5ABB03CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E9BC10-5F5B-499A-893C-1EEF6F1180B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "06A9B47A-8FC3-4BD2-A55F-9150307619B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "7068873F-E45D-4471-B55E-BF7B0E3AFEEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "695F0967-1529-42DB-8978-8B9192F7F615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "073BBAA9-7C7B-4D07-8943-7459DD2BAAC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "BB72ED94-7832-43CF-81CF-27F88CAC6E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "2C48C927-2D02-4B7E-82C3-0BBF29AAB24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "802BFF6B-5D9F-49AE-B96A-86A85E0F1034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7B2943-BC22-4735-8AA5-AADBEA685FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257524-7FC5-40CA-9BDA-82B8565C5BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "0F52C121-B8B8-43A8-AFAB-E85474021919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "659B4C39-0F0F-40C5-9B7E-0D00330611F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7793F3D5-E93C-46C8-ADCA-EF60BF4EC3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "508C140C-2F87-4270-85B0-00EA6678A344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "3033A4A2-47E9-434F-BA0A-0F2476A67899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "4680089D-DEFB-41E3-AFAF-6DA9252F2DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "307ED99C-32B8-4C0C-8C55-E2BA6EDB961F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF4F0DE-DC05-4F06-BC2D-09BAEAB25184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1EDFB4-B0C8-4832-BCA1-C35D28877581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF60319C-CFFB-47F4-BDCB-90A5D0FB4240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "E330A535-A376-4BFF-BB1B-31E83370FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E2884A-615F-4063-8FB7-EC157C3EC07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BC41B7-272F-44BB-BD48-6C9231402526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F1D35-6073-49B0-8DD4-C58AEE2CC83C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block."
}
],
"id": "CVE-2005-3500",
"lastModified": "2024-11-21T00:02:02.667",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-05T11:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17184"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17434"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17451"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17501"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17559"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/152"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015154"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-887"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=333\u0026type=vulnerabilities"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/20483"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15316"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/2294"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/17434"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/152"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=333\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/20483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15316"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/2294"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-06-29 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.85 | |
| clam_anti-virus | clamav | 0.85.1 | |
| clam_anti-virus | clamav | 0.86 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive."
}
],
"id": "CVE-2005-2056",
"lastModified": "2024-11-20T23:58:42.040",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-06-29T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/15811"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=337279"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-737"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200506-23.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_38_clamav.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/14058"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/15811"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=337279"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200506-23.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_38_clamav.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14058"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-16 16:05
Modified
2024-11-21 00:44
Severity ?
Summary
ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.90 | |
| clam_anti-virus | clamav | 0.90.1 | |
| clam_anti-virus | clamav | 0.90_rc1.1 | |
| clam_anti-virus | clamav | 0.90_rc2 | |
| clam_anti-virus | clamav | 0.90_rc3 | |
| clam_anti-virus | clamav | 0.90rc1 | |
| clam_anti-virus | clamav | 0.91 | |
| clam_anti-virus | clamav | 0.92 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "142588F8-15C3-4288-BE7C-B2F7447BD60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18418B-7477-436C-A24A-081701968DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B116E9A-0646-4AD5-A531-C35124AB02DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3C25BA-72EF-4588-A90A-B323A3407FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "01FDAEBC-0B2E-4F60-8B59-13A93B1AF206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "E021DD71-1845-4899-BB87-8445147AD93F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "CC992A3B-24B4-48D8-BFBF-9B7884D11D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "8670A5ED-C41E-40B9-B2C9-68F22734B444",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats."
},
{
"lang": "es",
"value": "ClamAV en versiones anteriores a 0.93, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (consumo de la CPU) a trav\u00e9s de un archivo ARJ manipulado, como se ha demostrado por el paquete de pruebas PROTOS GENOME para formatos de archivo."
}
],
"id": "CVE-2008-1387",
"lastModified": "2024-11-21T00:44:25.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-16T16:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://int21.de/cve/CVE-2008-1387-clamav.html"
},
{
"source": "cve@mitre.org",
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29863"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29891"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29975"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30253"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30328"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31576"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31882"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"source": "cve@mitre.org",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/490863/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28782"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41822"
},
{
"source": "cve@mitre.org",
"url": "https://www.clamav.net/bugzilla/show_bug.cgi?id=897"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://int21.de/cve/CVE-2008-1387-clamav.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29863"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch"
],
"url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/490863/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28782"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.clamav.net/bugzilla/show_bug.cgi?id=897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-12-31 19:46
Modified
2024-11-21 00:40
Severity ?
Summary
ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.92 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "8670A5ED-C41E-40B9-B2C9-68F22734B444",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file."
},
{
"lang": "es",
"value": "ClamAV 0.92 no reconoce archivos codificados en Base64 UUEncode, lo cual permite a atacantes remotos evitar el esc\u00e1ner mediante un archivo codificado en Base64-UUEncode."
}
],
"id": "CVE-2007-6596",
"lastModified": "2024-11-21T00:40:31.827",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-12-31T19:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29891"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3501"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/485631/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27064"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019148"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39337"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/485631/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39337"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-12 01:28
Modified
2024-11-21 00:22
Severity ?
Summary
Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.88.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*",
"matchCriteriaId": "557C5437-4B40-4E89-A23D-96B95829281D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406."
},
{
"lang": "es",
"value": "Clam AntiVirus (ClamAV) 0.88.6 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desbordamiento de pila y ca\u00edda de aplicaci\u00f3n) encapsulando un documento con muchas capas de contenido multiparte/mezclado (multipart/mixed), una vulnerabilidad distinta de CVE-2006-5874 y CVE-2006-6406."
}
],
"id": "CVE-2006-6481",
"lastModified": "2024-11-21T00:22:47.380",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-12T01:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "cve@mitre.org",
"url": "http://kolab.org/security/kolab-vendor-notice-14.txt"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/31283"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23347"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23362"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23379"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23404"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23411"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23417"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23460"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200612-18.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1238"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:230"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_78_clamav.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.quantenblog.net/security/virus-scanner-bypass"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21609"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2006/0072/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4948"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/5113"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kolab.org/security/kolab-vendor-notice-14.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/31283"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23347"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23404"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23417"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200612-18.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_78_clamav.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.quantenblog.net/security/virus-scanner-bypass"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21609"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2006/0072/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/5113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-09-04 16:41
Modified
2024-11-21 00:44
Severity ?
Summary
libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D68C0C00-CE03-418F-BC77-7C38468E15BD",
"versionEndIncluding": "0.93.3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B03FC481-8143-411F-AF74-86433188346D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6E1E0C-7240-47A7-8C35-2C48D1C56F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "057EEF4D-3101-4575-83E3-34BA2823DE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F86DA3C9-C6D5-4B04-9EAA-54350BE8CB26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.14:pre:*:*:*:*:*:*",
"matchCriteriaId": "FB031F8A-2D70-46F4-BA98-64CACCF5A394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9A0FA4-A4AE-4C90-98DA-8AF5ABB03CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E9BC10-5F5B-499A-893C-1EEF6F1180B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "06A9B47A-8FC3-4BD2-A55F-9150307619B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "7068873F-E45D-4471-B55E-BF7B0E3AFEEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "695F0967-1529-42DB-8978-8B9192F7F615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "073BBAA9-7C7B-4D07-8943-7459DD2BAAC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "BB72ED94-7832-43CF-81CF-27F88CAC6E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "2C48C927-2D02-4B7E-82C3-0BBF29AAB24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "802BFF6B-5D9F-49AE-B96A-86A85E0F1034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7B2943-BC22-4735-8AA5-AADBEA685FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257524-7FC5-40CA-9BDA-82B8565C5BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60p:*:*:*:*:*:*:*",
"matchCriteriaId": "35EBA938-DC66-40EA-8C66-38296AB57B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "0F52C121-B8B8-43A8-AFAB-E85474021919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "659B4C39-0F0F-40C5-9B7E-0D00330611F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7793F3D5-E93C-46C8-ADCA-EF60BF4EC3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "508C140C-2F87-4270-85B0-00EA6678A344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "3033A4A2-47E9-434F-BA0A-0F2476A67899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "4680089D-DEFB-41E3-AFAF-6DA9252F2DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "307ED99C-32B8-4C0C-8C55-E2BA6EDB961F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF4F0DE-DC05-4F06-BC2D-09BAEAB25184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1EDFB4-B0C8-4832-BCA1-C35D28877581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF60319C-CFFB-47F4-BDCB-90A5D0FB4240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:rc:*:*:*:*:*:*",
"matchCriteriaId": "5909491A-3D43-4648-B0F9-983BF2BE13B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3DB0BD14-60D1-4482-A91E-AFA501DE1F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:rc3:*:*:*:*:*:*",
"matchCriteriaId": "FFFDE6BB-38A1-4074-A3E1-E59BB5E7ED74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:rc4:*:*:*:*:*:*",
"matchCriteriaId": "79FC2D39-6F8E-4267-8D4B-0C59D28A0E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:rc1:*:*:*:*:*:*",
"matchCriteriaId": "89533C50-275D-440D-88B4-363B3DED39E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "E330A535-A376-4BFF-BB1B-31E83370FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E787E42E-3339-47FD-904E-5E3C73991CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F21E03C7-0293-402C-ACAE-41E7F11B7AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B8BD1ADF-C784-4E43-A6A5-09D416E96AE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E2884A-615F-4063-8FB7-EC157C3EC07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BC41B7-272F-44BB-BD48-6C9231402526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F1D35-6073-49B0-8DD4-C58AEE2CC83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D87DA1D8-59AC-4372-BBFC-ED8BC6603AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*",
"matchCriteriaId": "5F56722F-F61A-404B-B0B2-1C92C22D0436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D00EBC44-B4AB-443F-A063-8C8CB64F5F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FFFA6F1E-9F25-400C-B626-3B9EDA396913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB68680-FA6D-4235-90DA-E3DF0E5BB666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E5BCBA5-0CE1-4112-8C3D-BAED9C5537B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3908B34C-823E-47BA-8A64-23547D2AB027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*",
"matchCriteriaId": "557C5437-4B40-4E89-A23D-96B95829281D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A3394AD1-C667-46E7-82D3-E2E381CCC9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "142588F8-15C3-4288-BE7C-B2F7447BD60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18418B-7477-436C-A24A-081701968DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A85C689-95E0-41F7-83D9-5A8B0AB42390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC24A055-278C-4A78-8C68-AC7618EF3EF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "CC992A3B-24B4-48D8-BFBF-9B7884D11D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFAC7BA-2A39-46A8-BF91-5537532F45D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91.2:*:*:*:*:*:*:*",
"matchCriteriaId": "733CB165-98CD-4F8E-8A6D-07CF522634BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "8670A5ED-C41E-40B9-B2C9-68F22734B444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.92.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8BE6F91-5442-4156-B137-E4AD3E21CF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "40F14DB9-8437-4CEB-9D63-098FD9E604E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.93.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C92175-5E97-4197-8495-25900134B652",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an \"invalid memory access.\""
},
{
"lang": "es",
"value": "libclamav/chmunpack.c en the chm-parser en ClamAV anterior a 0.94, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un archivo CHM mal formado, en relaci\u00f3n con un \"acceso no v\u00e1lido a memoria\"."
}
],
"id": "CVE-2008-1389",
"lastModified": "2024-11-21T00:44:25.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-09-04T16:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://int21.de/cve/CVE-2008-1389-clamav-chd.html"
},
{
"source": "cve@mitre.org",
"url": "http://kolab.org/security/kolab-vendor-notice-22.txt"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31725"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31906"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31982"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32030"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32222"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32699"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200809-18.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=623661"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3216"
},
{
"source": "cve@mitre.org",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:189"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/30994"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020805"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2484"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2564"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
},
{
"source": "cve@mitre.org",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://int21.de/cve/CVE-2008-1389-clamav-chd.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kolab.org/security/kolab-vendor-notice-22.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31725"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31906"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31982"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32030"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32222"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200809-18.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=623661"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3216"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/30994"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020805"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2484"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-01-10 19:03
Modified
2024-11-21 00:05
Severity ?
Summary
Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | . | |
| clam_anti-virus | clamav | 0.51 | |
| clam_anti-virus | clamav | 0.52 | |
| clam_anti-virus | clamav | 0.53 | |
| clam_anti-virus | clamav | 0.54 | |
| clam_anti-virus | clamav | 0.60 | |
| clam_anti-virus | clamav | 0.65 | |
| clam_anti-virus | clamav | 0.67 | |
| clam_anti-virus | clamav | 0.68 | |
| clam_anti-virus | clamav | 0.68.1 | |
| clam_anti-virus | clamav | 0.70 | |
| clam_anti-virus | clamav | 0.75.1 | |
| clam_anti-virus | clamav | 0.80 | |
| clam_anti-virus | clamav | 0.80_rc1 | |
| clam_anti-virus | clamav | 0.80_rc2 | |
| clam_anti-virus | clamav | 0.80_rc3 | |
| clam_anti-virus | clamav | 0.80_rc4 | |
| clam_anti-virus | clamav | 0.81 | |
| clam_anti-virus | clamav | 0.82 | |
| clam_anti-virus | clamav | 0.83 | |
| clam_anti-virus | clamav | 0.84 | |
| clam_anti-virus | clamav | 0.84_rc1 | |
| clam_anti-virus | clamav | 0.84_rc2 | |
| clam_anti-virus | clamav | 0.85 | |
| clam_anti-virus | clamav | 0.85.1 | |
| clam_anti-virus | clamav | 0.86 | |
| clam_anti-virus | clamav | 0.86.1 | |
| clam_anti-virus | clamav | 0.86.2 | |
| clam_anti-virus | clamav | 0.87 | |
| clam_anti-virus | clamav | 0.87.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:.:*:*:*:*:*:*:*",
"matchCriteriaId": "1B4BB686-4159-41D9-9AE2-67AF2FCDE0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "BB72ED94-7832-43CF-81CF-27F88CAC6E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "2C48C927-2D02-4B7E-82C3-0BBF29AAB24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "802BFF6B-5D9F-49AE-B96A-86A85E0F1034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7B2943-BC22-4735-8AA5-AADBEA685FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257524-7FC5-40CA-9BDA-82B8565C5BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "0F52C121-B8B8-43A8-AFAB-E85474021919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "659B4C39-0F0F-40C5-9B7E-0D00330611F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7793F3D5-E93C-46C8-ADCA-EF60BF4EC3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "508C140C-2F87-4270-85B0-00EA6678A344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF60319C-CFFB-47F4-BDCB-90A5D0FB4240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "12A4541A-2560-482A-BAEA-275579B499B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "9006F64F-D72B-49C4-9F51-8AD9273957B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5698AB2-94DE-480D-9E55-C05871562B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "A44C0C8F-750B-4237-9E2F-1BEF67F2BCA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "E330A535-A376-4BFF-BB1B-31E83370FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E389E1C-46A6-4B5C-9091-8AAE5FFDC4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1ADBDEE-1421-42E5-8DE2-404087613B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E2884A-615F-4063-8FB7-EC157C3EC07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BC41B7-272F-44BB-BD48-6C9231402526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F1D35-6073-49B0-8DD4-C58AEE2CC83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D87DA1D8-59AC-4372-BBFC-ED8BC6603AAC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files."
}
],
"id": "CVE-2006-0162",
"lastModified": "2024-11-21T00:05:48.510",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-01-10T19:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041325.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18379"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18453"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18463"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18478"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/18548"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/342"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015457"
},
{
"source": "cve@mitre.org",
"url": "http://www.clamav.net/doc/0.88/ChangeLog"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-947"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-07.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/385908"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:016"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/22318"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16191"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2006/0002/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/0116"
},
{
"source": "cve@mitre.org",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-001.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24047"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041325.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/18379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18478"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/18548"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/342"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.clamav.net/doc/0.88/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-947"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/385908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/22318"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/16191"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2006/0002/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/0116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24047"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-10 02:28
Modified
2024-11-21 00:20
Severity ?
Summary
Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | * | |
| clam_anti-virus | clamav | . | |
| clam_anti-virus | clamav | 0.80 | |
| clam_anti-virus | clamav | 0.80_rc1 | |
| clam_anti-virus | clamav | 0.80_rc2 | |
| clam_anti-virus | clamav | 0.80_rc3 | |
| clam_anti-virus | clamav | 0.80_rc4 | |
| clam_anti-virus | clamav | 0.81 | |
| clam_anti-virus | clamav | 0.81_rc1 | |
| clam_anti-virus | clamav | 0.82 | |
| clam_anti-virus | clamav | 0.83 | |
| clam_anti-virus | clamav | 0.84 | |
| clam_anti-virus | clamav | 0.84_rc1 | |
| clam_anti-virus | clamav | 0.84_rc2 | |
| clam_anti-virus | clamav | 0.85 | |
| clam_anti-virus | clamav | 0.85.1 | |
| clam_anti-virus | clamav | 0.86 | |
| clam_anti-virus | clamav | 0.86.1 | |
| clam_anti-virus | clamav | 0.86.2 | |
| clam_anti-virus | clamav | 0.86_rc1 | |
| clam_anti-virus | clamav | 0.87 | |
| clam_anti-virus | clamav | 0.87.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B498C911-81FC-4B1A-B9A4-5F266AA2B7CA",
"versionEndIncluding": "0.88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:.:*:*:*:*:*:*:*",
"matchCriteriaId": "1B4BB686-4159-41D9-9AE2-67AF2FCDE0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "12A4541A-2560-482A-BAEA-275579B499B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "9006F64F-D72B-49C4-9F51-8AD9273957B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5698AB2-94DE-480D-9E55-C05871562B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "A44C0C8F-750B-4237-9E2F-1BEF67F2BCA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4CBE9C9-A1DE-4C68-B84D-C735A9A700E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "E330A535-A376-4BFF-BB1B-31E83370FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E389E1C-46A6-4B5C-9091-8AAE5FFDC4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1ADBDEE-1421-42E5-8DE2-404087613B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E2884A-615F-4063-8FB7-EC157C3EC07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BC41B7-272F-44BB-BD48-6C9231402526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "0138546B-3704-45FB-8115-05C12F9935D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F1D35-6073-49B0-8DD4-C58AEE2CC83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D87DA1D8-59AC-4372-BBFC-ED8BC6603AAC",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference."
},
{
"lang": "es",
"value": "Clam AntiVirus (ClamAV) 0.88 y versiones anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante un adjunto MIME codificado-base64 mal formado que dispara una referencia a puntero null."
}
],
"id": "CVE-2006-5874",
"lastModified": "2024-11-21T00:20:54.897",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-10T02:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23327"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23362"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23411"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1232"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:230"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_78_clamav.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21510"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23327"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_78_clamav.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21510"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-16 15:05
Modified
2024-11-21 00:41
Severity ?
Summary
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.92.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.92.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8BE6F91-5442-4156-B137-E4AD3E21CF88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en libclamav de ClamAV 0.92.1, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un paquete binario PE con un PeSpin manipulado con el valor de longitud modificado."
}
],
"id": "CVE-2008-0314",
"lastModified": "2024-11-21T00:41:39.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-16T15:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=686"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29863"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29886"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29891"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29975"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30253"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30328"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31576"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31882"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"source": "cve@mitre.org",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"source": "cve@mitre.org",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/858595"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019851"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41823"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"source": "cve@mitre.org",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=876"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=686"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29863"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/858595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019851"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=876"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-04-06 22:04
Modified
2024-11-21 00:09
Severity ?
Summary
The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.51 | |
| clam_anti-virus | clamav | 0.52 | |
| clam_anti-virus | clamav | 0.53 | |
| clam_anti-virus | clamav | 0.54 | |
| clam_anti-virus | clamav | 0.60 | |
| clam_anti-virus | clamav | 0.65 | |
| clam_anti-virus | clamav | 0.67 | |
| clam_anti-virus | clamav | 0.68 | |
| clam_anti-virus | clamav | 0.68.1 | |
| clam_anti-virus | clamav | 0.70 | |
| clam_anti-virus | clamav | 0.75.1 | |
| clam_anti-virus | clamav | 0.80 | |
| clam_anti-virus | clamav | 0.80_rc1 | |
| clam_anti-virus | clamav | 0.80_rc2 | |
| clam_anti-virus | clamav | 0.80_rc3 | |
| clam_anti-virus | clamav | 0.80_rc4 | |
| clam_anti-virus | clamav | 0.81 | |
| clam_anti-virus | clamav | 0.82 | |
| clam_anti-virus | clamav | 0.83 | |
| clam_anti-virus | clamav | 0.84 | |
| clam_anti-virus | clamav | 0.84_rc1 | |
| clam_anti-virus | clamav | 0.84_rc2 | |
| clam_anti-virus | clamav | 0.85 | |
| clam_anti-virus | clamav | 0.85.1 | |
| clam_anti-virus | clamav | 0.86 | |
| clam_anti-virus | clamav | 0.86.1 | |
| clam_anti-virus | clamav | 0.86.2 | |
| clam_anti-virus | clamav | 0.87 | |
| clam_anti-virus | clamav | 0.87.1 | |
| clam_anti-virus | clamav | 0.88 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "BB72ED94-7832-43CF-81CF-27F88CAC6E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "2C48C927-2D02-4B7E-82C3-0BBF29AAB24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "802BFF6B-5D9F-49AE-B96A-86A85E0F1034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7B2943-BC22-4735-8AA5-AADBEA685FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257524-7FC5-40CA-9BDA-82B8565C5BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "0F52C121-B8B8-43A8-AFAB-E85474021919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "659B4C39-0F0F-40C5-9B7E-0D00330611F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7793F3D5-E93C-46C8-ADCA-EF60BF4EC3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "508C140C-2F87-4270-85B0-00EA6678A344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF60319C-CFFB-47F4-BDCB-90A5D0FB4240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "12A4541A-2560-482A-BAEA-275579B499B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "9006F64F-D72B-49C4-9F51-8AD9273957B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5698AB2-94DE-480D-9E55-C05871562B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "A44C0C8F-750B-4237-9E2F-1BEF67F2BCA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "E330A535-A376-4BFF-BB1B-31E83370FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E389E1C-46A6-4B5C-9091-8AAE5FFDC4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1ADBDEE-1421-42E5-8DE2-404087613B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E2884A-615F-4063-8FB7-EC157C3EC07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BC41B7-272F-44BB-BD48-6C9231402526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F1D35-6073-49B0-8DD4-C58AEE2CC83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D87DA1D8-59AC-4372-BBFC-ED8BC6603AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*",
"matchCriteriaId": "5F56722F-F61A-404B-B0B2-1C92C22D0436",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an \"invalid memory access.\""
}
],
"id": "CVE-2006-1630",
"lastModified": "2024-11-21T00:09:21.010",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-04-06T22:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19534"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19536"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19564"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19567"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19570"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19608"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/20077"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23719"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=407078\u0026group_id=86638"
},
{
"source": "cve@mitre.org",
"url": "http://up2date.astaro.com/2006/05/low_up2date_6202.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1024"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:067"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/24459"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17388"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17951"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2006/0020"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1258"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25662"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=407078\u0026group_id=86638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://up2date.astaro.com/2006/05/low_up2date_6202.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/24459"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2006/0020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25662"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-02-12 20:00
Modified
2024-11-21 00:41
Severity ?
Summary
Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15D4A58F-9A7C-40CA-940F-ADF8CF91ACB0",
"versionEndIncluding": "0.92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Un desbordamiento de enteros en la funci\u00f3n cli_scanpe en libclamav en ClamAV anterior a la versi\u00f3n 0.92.1, tal como es usado en clamd, permite a los atacantes remotos causar una denegaci\u00f3n de servicio y posiblemente ejecutar c\u00f3digo arbitrario por medio de un archivo PE empaquetado Petite creado, que desencadena un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria."
}
],
"id": "CVE-2008-0318",
"lastModified": "2024-11-21T00:41:39.450",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-02-12T20:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=209915"
},
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "cve@mitre.org",
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=658"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28907"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28913"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28949"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29001"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29026"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29048"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29060"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29420"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200802-09.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019394"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=575703"
},
{
"source": "cve@mitre.org",
"url": "http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1497"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27751"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0503"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00462.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00481.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=209915"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28907"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29001"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29026"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29048"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29060"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200802-09.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019394"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=575703"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00462.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00481.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-09-20 23:03
Modified
2024-11-21 00:00
Severity ?
Summary
Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.70 | |
| clam_anti-virus | clamav | 0.71 | |
| clam_anti-virus | clamav | 0.72 | |
| clam_anti-virus | clamav | 0.73 | |
| clam_anti-virus | clamav | 0.74 | |
| clam_anti-virus | clamav | 0.75 | |
| clam_anti-virus | clamav | 0.75.1 | |
| clam_anti-virus | clamav | 0.80 | |
| clam_anti-virus | clamav | 0.81 | |
| clam_anti-virus | clamav | 0.82 | |
| clam_anti-virus | clamav | 0.83 | |
| clam_anti-virus | clamav | 0.84 | |
| clam_anti-virus | clamav | 0.85 | |
| clam_anti-virus | clamav | 0.85.1 | |
| clam_anti-virus | clamav | 0.86 | |
| clam_anti-virus | clamav | 0.86.1 | |
| clam_anti-virus | clamav | 0.86.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "508C140C-2F87-4270-85B0-00EA6678A344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "3033A4A2-47E9-434F-BA0A-0F2476A67899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "4680089D-DEFB-41E3-AFAF-6DA9252F2DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "307ED99C-32B8-4C0C-8C55-E2BA6EDB961F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF4F0DE-DC05-4F06-BC2D-09BAEAB25184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1EDFB4-B0C8-4832-BCA1-C35D28877581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF60319C-CFFB-47F4-BDCB-90A5D0FB4240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "E330A535-A376-4BFF-BB1B-31E83370FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E2884A-615F-4063-8FB7-EC157C3EC07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BC41B7-272F-44BB-BD48-6C9231402526",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable."
}
],
"id": "CVE-2005-2920",
"lastModified": "2024-11-21T00:00:43.467",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-09-20T23:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/16848"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/16989"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=356974"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-824"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/363713"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_55_clamav.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/19506"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/14866"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/1774"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22307"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16848"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=356974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/363713"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_55_clamav.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/19506"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14866"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/1774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22307"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-02-16 19:28
Modified
2024-11-21 00:27
Severity ?
Summary
Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F8D97900-5AD1-43BF-860F-537D25A54C95",
"versionEndIncluding": "0.88.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9A0FA4-A4AE-4C90-98DA-8AF5ABB03CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E9BC10-5F5B-499A-893C-1EEF6F1180B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "06A9B47A-8FC3-4BD2-A55F-9150307619B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "7068873F-E45D-4471-B55E-BF7B0E3AFEEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "695F0967-1529-42DB-8978-8B9192F7F615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "073BBAA9-7C7B-4D07-8943-7459DD2BAAC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "BB72ED94-7832-43CF-81CF-27F88CAC6E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "2C48C927-2D02-4B7E-82C3-0BBF29AAB24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "802BFF6B-5D9F-49AE-B96A-86A85E0F1034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7B2943-BC22-4735-8AA5-AADBEA685FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257524-7FC5-40CA-9BDA-82B8565C5BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60p:*:*:*:*:*:*:*",
"matchCriteriaId": "35EBA938-DC66-40EA-8C66-38296AB57B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "0F52C121-B8B8-43A8-AFAB-E85474021919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "659B4C39-0F0F-40C5-9B7E-0D00330611F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7793F3D5-E93C-46C8-ADCA-EF60BF4EC3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "508C140C-2F87-4270-85B0-00EA6678A344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "3033A4A2-47E9-434F-BA0A-0F2476A67899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "4680089D-DEFB-41E3-AFAF-6DA9252F2DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "307ED99C-32B8-4C0C-8C55-E2BA6EDB961F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF4F0DE-DC05-4F06-BC2D-09BAEAB25184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1EDFB4-B0C8-4832-BCA1-C35D28877581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF60319C-CFFB-47F4-BDCB-90A5D0FB4240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "12A4541A-2560-482A-BAEA-275579B499B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "9006F64F-D72B-49C4-9F51-8AD9273957B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5698AB2-94DE-480D-9E55-C05871562B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "A44C0C8F-750B-4237-9E2F-1BEF67F2BCA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4CBE9C9-A1DE-4C68-B84D-C735A9A700E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "E330A535-A376-4BFF-BB1B-31E83370FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E389E1C-46A6-4B5C-9091-8AAE5FFDC4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1ADBDEE-1421-42E5-8DE2-404087613B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E2884A-615F-4063-8FB7-EC157C3EC07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BC41B7-272F-44BB-BD48-6C9231402526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "0138546B-3704-45FB-8115-05C12F9935D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F1D35-6073-49B0-8DD4-C58AEE2CC83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D87DA1D8-59AC-4372-BBFC-ED8BC6603AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*",
"matchCriteriaId": "5F56722F-F61A-404B-B0B2-1C92C22D0436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D00EBC44-B4AB-443F-A063-8C8CB64F5F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB68680-FA6D-4235-90DA-E3DF0E5BB666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E5BCBA5-0CE1-4112-8C3D-BAED9C5537B9",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message."
},
{
"lang": "es",
"value": "Vulnerabilidad de salto de directorio en clamd en Clam AntiVirus ClamAV anterior a 0.90 permite a atacantes remotos sobreescribir ficheros de su elecci\u00f3n a trav\u00e9s de la secuencia .. (punto punto) en el par\u00e1metro de cabecera id MIME en un mensaje multi-parte."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nClam Anti-Virus, ClamAV, 0.90",
"id": "CVE-2007-0898",
"lastModified": "2024-11-21T00:27:00.443",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-02-16T19:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=476"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Feb/0004.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/32282"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24183"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24187"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24192"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24319"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24332"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24425"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200703-03.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1263"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:043"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/22581"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017660"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/0623"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Feb/0004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/32282"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24183"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24187"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24192"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24332"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24425"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200703-03.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1263"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:043"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/22581"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/0623"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32535"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-22"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-04-16 21:19
Modified
2024-11-21 00:29
Severity ?
Summary
The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | * | |
| ifenslave | ifenslave | 0.88 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9E081044-20D3-4960-8BAB-6F29092634AC",
"versionEndIncluding": "0.90.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ifenslave:ifenslave:0.88:*:*:*:*:*:*:*",
"matchCriteriaId": "91523617-C25A-416A-89AD-C9358CDD68FA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "La funci\u00f3n chm_decompress_stream en libclamav/chmunpack.c de Clam AntiVirus (ClamAV) anterior a 0.90.2 filtra descriptores de fichero, lo cual tiene impacto y vectores de ataque desconocidos relacionados con un archivo CHM manipulado, una vulnerabilidad distinta de CVE-2007-0897. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."
}
],
"id": "CVE-2007-1745",
"lastModified": "2024-11-21T00:29:03.847",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.1,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-04-16T21:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/34913"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24891"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24920"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24946"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24996"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25022"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25028"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25189"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=500765"
},
{
"source": "cve@mitre.org",
"url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1281"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/23473"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2007/0013/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1378"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33636"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/34913"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24996"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=500765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/23473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2007/0013/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33636"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-28 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.81 | |
| clam_anti-virus | clamav | 0.82 | |
| clam_anti-virus | clamav | 0.83 | |
| clam_anti-virus | clamav | 0.84_rc1 | |
| clam_anti-virus | clamav | 0.84_rc2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E389E1C-46A6-4B5C-9091-8AAE5FFDC4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1ADBDEE-1421-42E5-8DE2-404087613B75",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php."
}
],
"id": "CVE-2005-1800",
"lastModified": "2024-11-20T23:58:09.870",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-28T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/034354.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/13796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/034354.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/13796"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-16 16:05
Modified
2024-11-21 00:45
Severity ?
Summary
ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4CA71C-AF06-4FB8-BF94-AE637D04AFF5",
"versionEndIncluding": "0.92.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9A0FA4-A4AE-4C90-98DA-8AF5ABB03CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E9BC10-5F5B-499A-893C-1EEF6F1180B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "06A9B47A-8FC3-4BD2-A55F-9150307619B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "7068873F-E45D-4471-B55E-BF7B0E3AFEEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "695F0967-1529-42DB-8978-8B9192F7F615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "073BBAA9-7C7B-4D07-8943-7459DD2BAAC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "BB72ED94-7832-43CF-81CF-27F88CAC6E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "2C48C927-2D02-4B7E-82C3-0BBF29AAB24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "802BFF6B-5D9F-49AE-B96A-86A85E0F1034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7B2943-BC22-4735-8AA5-AADBEA685FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257524-7FC5-40CA-9BDA-82B8565C5BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60p:*:*:*:*:*:*:*",
"matchCriteriaId": "35EBA938-DC66-40EA-8C66-38296AB57B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "0F52C121-B8B8-43A8-AFAB-E85474021919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "659B4C39-0F0F-40C5-9B7E-0D00330611F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7793F3D5-E93C-46C8-ADCA-EF60BF4EC3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "508C140C-2F87-4270-85B0-00EA6678A344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "3033A4A2-47E9-434F-BA0A-0F2476A67899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "4680089D-DEFB-41E3-AFAF-6DA9252F2DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "307ED99C-32B8-4C0C-8C55-E2BA6EDB961F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF4F0DE-DC05-4F06-BC2D-09BAEAB25184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1EDFB4-B0C8-4832-BCA1-C35D28877581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF60319C-CFFB-47F4-BDCB-90A5D0FB4240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "12A4541A-2560-482A-BAEA-275579B499B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "9006F64F-D72B-49C4-9F51-8AD9273957B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5698AB2-94DE-480D-9E55-C05871562B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "A44C0C8F-750B-4237-9E2F-1BEF67F2BCA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4CBE9C9-A1DE-4C68-B84D-C735A9A700E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "E330A535-A376-4BFF-BB1B-31E83370FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E389E1C-46A6-4B5C-9091-8AAE5FFDC4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1ADBDEE-1421-42E5-8DE2-404087613B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E2884A-615F-4063-8FB7-EC157C3EC07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BC41B7-272F-44BB-BD48-6C9231402526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "0138546B-3704-45FB-8115-05C12F9935D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F1D35-6073-49B0-8DD4-C58AEE2CC83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D87DA1D8-59AC-4372-BBFC-ED8BC6603AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*",
"matchCriteriaId": "5F56722F-F61A-404B-B0B2-1C92C22D0436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D00EBC44-B4AB-443F-A063-8C8CB64F5F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB68680-FA6D-4235-90DA-E3DF0E5BB666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E5BCBA5-0CE1-4112-8C3D-BAED9C5537B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3908B34C-823E-47BA-8A64-23547D2AB027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*",
"matchCriteriaId": "557C5437-4B40-4E89-A23D-96B95829281D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A3394AD1-C667-46E7-82D3-E2E381CCC9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "142588F8-15C3-4288-BE7C-B2F7447BD60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18418B-7477-436C-A24A-081701968DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A85C689-95E0-41F7-83D9-5A8B0AB42390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B116E9A-0646-4AD5-A531-C35124AB02DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3C25BA-72EF-4588-A90A-B323A3407FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "01FDAEBC-0B2E-4F60-8B59-13A93B1AF206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "E021DD71-1845-4899-BB87-8445147AD93F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "CC992A3B-24B4-48D8-BFBF-9B7884D11D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFAC7BA-2A39-46A8-BF91-5537532F45D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91.2:*:*:*:*:*:*:*",
"matchCriteriaId": "733CB165-98CD-4F8E-8A6D-07CF522634BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C721E8E3-FB32-41A1-B572-7DB06D9ECB74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "4DCE173B-6229-42C9-8481-66F5727E464A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "8670A5ED-C41E-40B9-B2C9-68F22734B444",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar."
},
{
"lang": "es",
"value": "ClamAV antes de 0.93 permite a atacantes remotos evitar el motor de escan\u00e9o a trav\u00e9s de un archivo RAR con un n\u00famero de versi\u00f3n no v\u00e1lido, que no puede ser analizado por ClamAV pero que puede ser extra\u00eddo por Winrar."
}
],
"id": "CVE-2008-1835",
"lastModified": "2024-11-21T00:45:27.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-16T16:05:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/29891"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/30328"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31576"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31882"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41874"
},
{
"source": "secalert@redhat.com",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=541"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=541"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-07 21:30
Modified
2024-11-21 00:32
Severity ?
Summary
unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.90 | |
| clam_anti-virus | clamav | 0.90.1 | |
| clam_anti-virus | clamav | 0.90.2 | |
| clam_anti-virus | clamav | 0.90_rc1.1 | |
| clam_anti-virus | clamav | 0.90_rc2 | |
| clam_anti-virus | clamav | 0.90_rc3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "142588F8-15C3-4288-BE7C-B2F7447BD60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18418B-7477-436C-A24A-081701968DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A85C689-95E0-41F7-83D9-5A8B0AB42390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B116E9A-0646-4AD5-A531-C35124AB02DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3C25BA-72EF-4588-A90A-B323A3407FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "01FDAEBC-0B2E-4F60-8B59-13A93B1AF206",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "El unrar.c en libclamav del ClamAV en versiones anteriores a 0.90.3 y la 0.91 en versiones anteriores a 0.91rc1 permite a atacantes remotos provocar una denegaci\u00f3n del servicio (volado de memoria tras un error en ejecuci\u00f3n) a trav\u00e9s de un fichero RAR manipulado con un valor vm_codesize modificado, lo cual dispara un desbordamiento de b\u00fafer basado en mont\u00edculo."
}
],
"id": "CVE-2007-3123",
"lastModified": "2024-11-21T00:32:27.587",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-07T21:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/35522"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25523"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25525"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25688"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25796"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
},
{
"source": "cve@mitre.org",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24289"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34778"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=521"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/35522"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24289"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34778"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=521"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-16 15:05
Modified
2024-11-21 00:45
Severity ?
Summary
Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.92.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.92.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8BE6F91-5442-4156-B137-E4AD3E21CF88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en libclamav de ClamAV 0.92.1 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de binarios PE comprimidos con WWPack manipulados."
}
],
"id": "CVE-2008-1833",
"lastModified": "2024-11-21T00:45:27.550",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-16T15:05:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=687"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29863"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29891"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29975"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30328"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31576"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31882"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"source": "cve@mitre.org",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"source": "cve@mitre.org",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/28798"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019850"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41833"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"source": "cve@mitre.org",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=687"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29863"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28798"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019850"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41833"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=877"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-07 22:30
Modified
2024-11-21 00:32
Severity ?
Summary
libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.90 | |
| clam_anti-virus | clamav | 0.90.1 | |
| clam_anti-virus | clamav | 0.90.2 | |
| clam_anti-virus | clamav | 0.90_rc1.1 | |
| clam_anti-virus | clamav | 0.90_rc2 | |
| clam_anti-virus | clamav | 0.90_rc3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "142588F8-15C3-4288-BE7C-B2F7447BD60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18418B-7477-436C-A24A-081701968DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A85C689-95E0-41F7-83D9-5A8B0AB42390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B116E9A-0646-4AD5-A531-C35124AB02DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3C25BA-72EF-4588-A90A-B323A3407FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "01FDAEBC-0B2E-4F60-8B59-13A93B1AF206",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files."
},
{
"lang": "es",
"value": "El libclamav/others.c del ClamAV en versiones anteriores a la 0.90.3 y la 0.91 en versiones anteriores a la 0.91rc1 usa permisos inseguros para los ficheros temporales que son creados por la funci\u00f3n cli_gentempstream en el clamd/clamdscan, lo cual permitir\u00eda a usuarios locales leer ficheros con informaci\u00f3n sensible."
}
],
"id": "CVE-2007-3024",
"lastModified": "2024-11-21T00:32:13.367",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-07T22:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25523"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25525"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25688"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25796"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
},
{
"source": "cve@mitre.org",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24358"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=517"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=517"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-07-05 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.83 | |
| clam_anti-virus | clamav | 0.84_rc1 | |
| clam_anti-virus | clamav | 0.84_rc2 | |
| clam_anti-virus | clamav | 0.85 | |
| clam_anti-virus | clamav | 0.85.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E389E1C-46A6-4B5C-9091-8AAE5FFDC4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1ADBDEE-1421-42E5-8DE2-404087613B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read."
}
],
"id": "CVE-2005-1923",
"lastModified": "2024-11-20T23:58:25.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-07-05T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-737"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=275\u0026type=vulnerabilities"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=275\u0026type=vulnerabilities"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-12-31 05:00
Modified
2024-11-20 23:52
Severity ?
Summary
Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.65 | |
| clam_anti-virus | clamav | 0.67 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "0F52C121-B8B8-43A8-AFAB-E85474021919",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm."
}
],
"id": "CVE-2004-1909",
"lastModified": "2024-11-20T23:52:01.983",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 2.6,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:H/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2004-12-31T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://freshmeat.net/projects/clamav/?branch_id=29355\u0026release_id=154462"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/11177"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://security.gentoo.org/glsa/glsa-200404-07.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/9897"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15553"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://freshmeat.net/projects/clamav/?branch_id=29355\u0026release_id=154462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://secunia.com/advisories/11177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://security.gentoo.org/glsa/glsa-200404-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/9897"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15553"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-04-06 22:04
Modified
2024-11-21 00:09
Severity ?
Summary
Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.51 | |
| clam_anti-virus | clamav | 0.52 | |
| clam_anti-virus | clamav | 0.53 | |
| clam_anti-virus | clamav | 0.54 | |
| clam_anti-virus | clamav | 0.60 | |
| clam_anti-virus | clamav | 0.65 | |
| clam_anti-virus | clamav | 0.67 | |
| clam_anti-virus | clamav | 0.68 | |
| clam_anti-virus | clamav | 0.68.1 | |
| clam_anti-virus | clamav | 0.70 | |
| clam_anti-virus | clamav | 0.75.1 | |
| clam_anti-virus | clamav | 0.80 | |
| clam_anti-virus | clamav | 0.80_rc1 | |
| clam_anti-virus | clamav | 0.80_rc2 | |
| clam_anti-virus | clamav | 0.80_rc3 | |
| clam_anti-virus | clamav | 0.80_rc4 | |
| clam_anti-virus | clamav | 0.81 | |
| clam_anti-virus | clamav | 0.82 | |
| clam_anti-virus | clamav | 0.83 | |
| clam_anti-virus | clamav | 0.84 | |
| clam_anti-virus | clamav | 0.84_rc1 | |
| clam_anti-virus | clamav | 0.84_rc2 | |
| clam_anti-virus | clamav | 0.85 | |
| clam_anti-virus | clamav | 0.85.1 | |
| clam_anti-virus | clamav | 0.86 | |
| clam_anti-virus | clamav | 0.86.1 | |
| clam_anti-virus | clamav | 0.86.2 | |
| clam_anti-virus | clamav | 0.87 | |
| clam_anti-virus | clamav | 0.87.1 | |
| clam_anti-virus | clamav | 0.88 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "BB72ED94-7832-43CF-81CF-27F88CAC6E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "2C48C927-2D02-4B7E-82C3-0BBF29AAB24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "802BFF6B-5D9F-49AE-B96A-86A85E0F1034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7B2943-BC22-4735-8AA5-AADBEA685FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257524-7FC5-40CA-9BDA-82B8565C5BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "0F52C121-B8B8-43A8-AFAB-E85474021919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "659B4C39-0F0F-40C5-9B7E-0D00330611F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7793F3D5-E93C-46C8-ADCA-EF60BF4EC3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "508C140C-2F87-4270-85B0-00EA6678A344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF60319C-CFFB-47F4-BDCB-90A5D0FB4240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "12A4541A-2560-482A-BAEA-275579B499B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "9006F64F-D72B-49C4-9F51-8AD9273957B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5698AB2-94DE-480D-9E55-C05871562B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "A44C0C8F-750B-4237-9E2F-1BEF67F2BCA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "E330A535-A376-4BFF-BB1B-31E83370FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E389E1C-46A6-4B5C-9091-8AAE5FFDC4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1ADBDEE-1421-42E5-8DE2-404087613B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E2884A-615F-4063-8FB7-EC157C3EC07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BC41B7-272F-44BB-BD48-6C9231402526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F1D35-6073-49B0-8DD4-C58AEE2CC83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D87DA1D8-59AC-4372-BBFC-ED8BC6603AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*",
"matchCriteriaId": "5F56722F-F61A-404B-B0B2-1C92C22D0436",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code."
}
],
"id": "CVE-2006-1614",
"lastModified": "2024-11-21T00:09:18.553",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-04-06T22:04:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19534"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19536"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19564"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19567"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19570"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19608"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/20077"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23719"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015887"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=407078\u0026group_id=86638"
},
{
"source": "cve@mitre.org",
"url": "http://up2date.astaro.com/2006/05/low_up2date_6202.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1024"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:067"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/24457"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.overflow.pl/adv/clamavupxinteger.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/430405/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17388"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/17951"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2006/0020"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1258"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25660"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19534"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19564"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19567"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19570"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20077"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23719"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=407078\u0026group_id=86638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://up2date.astaro.com/2006/05/low_up2date_6202.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.debian.org/security/2006/dsa-1024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:067"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/24457"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.overflow.pl/adv/clamavupxinteger.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/430405/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17388"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/17951"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2006/0020"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25660"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-10-14 10:02
Modified
2024-11-21 00:01
Severity ?
Summary
Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.90.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A85C689-95E0-41F7-83D9-5A8B0AB42390",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper."
}
],
"id": "CVE-2005-3229",
"lastModified": "2024-11-21T00:01:24.337",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2005-10-14T10:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112879611919750\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://shadock.net/secubox/AVCraftedArchive.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112879611919750\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://shadock.net/secubox/AVCraftedArchive.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-16 16:05
Modified
2024-11-21 00:45
Severity ?
Summary
The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.90 | |
| clam_anti-virus | clamav | 0.90.1 | |
| clam_anti-virus | clamav | 0.90_rc1.1 | |
| clam_anti-virus | clamav | 0.90_rc2 | |
| clam_anti-virus | clamav | 0.90_rc3 | |
| clam_anti-virus | clamav | 0.90rc1 | |
| clam_anti-virus | clamav | 0.91 | |
| clam_anti-virus | clamav | 0.92 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "142588F8-15C3-4288-BE7C-B2F7447BD60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18418B-7477-436C-A24A-081701968DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B116E9A-0646-4AD5-A531-C35124AB02DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3C25BA-72EF-4588-A90A-B323A3407FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "01FDAEBC-0B2E-4F60-8B59-13A93B1AF206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "E021DD71-1845-4899-BB87-8445147AD93F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "CC992A3B-24B4-48D8-BFBF-9B7884D11D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "8670A5ED-C41E-40B9-B2C9-68F22734B444",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read."
},
{
"lang": "es",
"value": "La funci\u00f3n rfc2231 en message.c en libclamav de ClamAV anterior 0.93, permite a atacantes remotos causar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de un mensaje manipulado que produce una cadena que no termina en null, lo que inicia un desbordamiento de b\u00fafer de lectura."
}
],
"id": "CVE-2008-1836",
"lastModified": "2024-11-21T00:45:27.987",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-16T16:05:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/29891"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/30253"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/30328"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31576"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31882"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41868"
},
{
"source": "secalert@redhat.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"source": "secalert@redhat.com",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=881"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41868"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=881"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-12-31 19:46
Modified
2024-11-21 00:40
Severity ?
Summary
ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.92 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "8670A5ED-C41E-40B9-B2C9-68F22734B444",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled."
},
{
"lang": "es",
"value": "ClamAV versi\u00f3n 0.92, permite a los usuarios locales sobrescribir archivos arbitrarios por medio de un ataque de tipo symlink en (1) archivos temporales usados por la funci\u00f3n cli_gentempfd en el archivo libclamav/others.c o en (2) archivos .ascii usados por sigtool, cuando utf16-decode est\u00e1 habilitado."
}
],
"id": "CVE-2007-6595",
"lastModified": "2024-11-21T00:40:31.653",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-12-31T19:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28949"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29891"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31437"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3501"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019148"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1497"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/485631/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/27064"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39335"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39339"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28949"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019148"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1497"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/485631/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/27064"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39335"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39339"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-10-16 23:07
Modified
2024-11-21 00:15
Severity ?
Summary
Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7A91DF-84B4-4E45-8675-E107D8BCD070",
"versionEndIncluding": "0.88.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:.:*:*:*:*:*:*:*",
"matchCriteriaId": "1B4BB686-4159-41D9-9AE2-67AF2FCDE0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9A0FA4-A4AE-4C90-98DA-8AF5ABB03CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E9BC10-5F5B-499A-893C-1EEF6F1180B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "06A9B47A-8FC3-4BD2-A55F-9150307619B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "7068873F-E45D-4471-B55E-BF7B0E3AFEEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "695F0967-1529-42DB-8978-8B9192F7F615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "073BBAA9-7C7B-4D07-8943-7459DD2BAAC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "BB72ED94-7832-43CF-81CF-27F88CAC6E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "2C48C927-2D02-4B7E-82C3-0BBF29AAB24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "802BFF6B-5D9F-49AE-B96A-86A85E0F1034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7B2943-BC22-4735-8AA5-AADBEA685FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257524-7FC5-40CA-9BDA-82B8565C5BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60p:*:*:*:*:*:*:*",
"matchCriteriaId": "35EBA938-DC66-40EA-8C66-38296AB57B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "0F52C121-B8B8-43A8-AFAB-E85474021919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "659B4C39-0F0F-40C5-9B7E-0D00330611F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7793F3D5-E93C-46C8-ADCA-EF60BF4EC3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "508C140C-2F87-4270-85B0-00EA6678A344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "3033A4A2-47E9-434F-BA0A-0F2476A67899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "4680089D-DEFB-41E3-AFAF-6DA9252F2DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "307ED99C-32B8-4C0C-8C55-E2BA6EDB961F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF4F0DE-DC05-4F06-BC2D-09BAEAB25184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1EDFB4-B0C8-4832-BCA1-C35D28877581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF60319C-CFFB-47F4-BDCB-90A5D0FB4240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "12A4541A-2560-482A-BAEA-275579B499B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "9006F64F-D72B-49C4-9F51-8AD9273957B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5698AB2-94DE-480D-9E55-C05871562B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "A44C0C8F-750B-4237-9E2F-1BEF67F2BCA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4CBE9C9-A1DE-4C68-B84D-C735A9A700E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "E330A535-A376-4BFF-BB1B-31E83370FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E389E1C-46A6-4B5C-9091-8AAE5FFDC4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1ADBDEE-1421-42E5-8DE2-404087613B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E2884A-615F-4063-8FB7-EC157C3EC07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BC41B7-272F-44BB-BD48-6C9231402526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "0138546B-3704-45FB-8115-05C12F9935D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F1D35-6073-49B0-8DD4-C58AEE2CC83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D87DA1D8-59AC-4372-BBFC-ED8BC6603AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*",
"matchCriteriaId": "5F56722F-F61A-404B-B0B2-1C92C22D0436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D00EBC44-B4AB-443F-A063-8C8CB64F5F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB68680-FA6D-4235-90DA-E3DF0E5BB666",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected."
},
{
"lang": "es",
"value": "Desbordamiento de entero en ClamAV 0.88.1 y 0.88.4, y otras versiones anteriores a 0.88.5, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del servicio de escaneo) y ejecutar c\u00f3digo de su elecci\u00f3n mediante un Ejecutable Port\u00e1til (Portable Executable, PE) creado artesanalmente, que provoca un desbordamiento de b\u00fafer basado en mont\u00f3n cuando se ha reservado menos memoria de la esperada."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nClam Anti-Virus, ClamAV, 0.88.5",
"id": "CVE-2006-4182",
"lastModified": "2024-11-21T00:15:19.630",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-10-16T23:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"source": "cve@mitre.org",
"url": "http://kolab.org/security/kolab-vendor-notice-13.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=422"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22370"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22421"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22488"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22498"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22537"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22551"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22626"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23155"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200610-10.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017068"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1196"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/180864"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:184"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_60_clamav.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/20535"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4034"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4136"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4264"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29607"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kolab.org/security/kolab-vendor-notice-13.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23155"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200610-10.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/180864"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_60_clamav.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20535"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29607"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-12-31 19:46
Modified
2024-11-21 00:39
Severity ?
Summary
Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| gentoo | linux | * | |
| clam_anti-virus | clamav | 0.91.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:gentoo:linux:*:*:*:*:*:*:*:*",
"matchCriteriaId": "647BA336-5538-4972-9271-383A0EC9378E",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91.2:*:*:*:*:*:*:*",
"matchCriteriaId": "733CB165-98CD-4F8E-8A6D-07CF522634BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el algoritmo de descompresi\u00f3n bzip2 en nsis/bzlib_private.h de ClamAV anterior a 0.92 tiene impacto y vectores de ataque remotos desconocidos."
}
],
"id": "CVE-2007-6337",
"lastModified": "2024-11-21T00:39:54.363",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-12-31T19:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/42293"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28153"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28278"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28412"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28421"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28587"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019149"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27063"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/42293"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019149"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/27063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
ClamAV 0.80 and earlier allows remote attackers to cause a denial of service (clamd daemon crash) via a ZIP file with malformed headers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.51 | |
| clam_anti-virus | clamav | 0.52 | |
| clam_anti-virus | clamav | 0.53 | |
| clam_anti-virus | clamav | 0.54 | |
| clam_anti-virus | clamav | 0.60 | |
| clam_anti-virus | clamav | 0.65 | |
| clam_anti-virus | clamav | 0.67 | |
| clam_anti-virus | clamav | 0.68 | |
| clam_anti-virus | clamav | 0.68.1 | |
| clam_anti-virus | clamav | 0.80 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "BB72ED94-7832-43CF-81CF-27F88CAC6E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "2C48C927-2D02-4B7E-82C3-0BBF29AAB24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "802BFF6B-5D9F-49AE-B96A-86A85E0F1034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7B2943-BC22-4735-8AA5-AADBEA685FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257524-7FC5-40CA-9BDA-82B8565C5BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "0F52C121-B8B8-43A8-AFAB-E85474021919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "659B4C39-0F0F-40C5-9B7E-0D00330611F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7793F3D5-E93C-46C8-ADCA-EF60BF4EC3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ClamAV 0.80 and earlier allows remote attackers to cause a denial of service (clamd daemon crash) via a ZIP file with malformed headers."
}
],
"id": "CVE-2005-0133",
"lastModified": "2024-11-20T23:54:29.383",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000928"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=300116"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-46.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:025"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000928"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=300116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-46.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.trustix.org/errata/2005/0003/"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-06-16 21:41
Modified
2024-11-21 00:47
Severity ?
Summary
libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9A0FA4-A4AE-4C90-98DA-8AF5ABB03CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E9BC10-5F5B-499A-893C-1EEF6F1180B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "06A9B47A-8FC3-4BD2-A55F-9150307619B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "7068873F-E45D-4471-B55E-BF7B0E3AFEEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "695F0967-1529-42DB-8978-8B9192F7F615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "073BBAA9-7C7B-4D07-8943-7459DD2BAAC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "BB72ED94-7832-43CF-81CF-27F88CAC6E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "2C48C927-2D02-4B7E-82C3-0BBF29AAB24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "802BFF6B-5D9F-49AE-B96A-86A85E0F1034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7B2943-BC22-4735-8AA5-AADBEA685FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257524-7FC5-40CA-9BDA-82B8565C5BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60p:*:*:*:*:*:*:*",
"matchCriteriaId": "35EBA938-DC66-40EA-8C66-38296AB57B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "0F52C121-B8B8-43A8-AFAB-E85474021919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "659B4C39-0F0F-40C5-9B7E-0D00330611F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7793F3D5-E93C-46C8-ADCA-EF60BF4EC3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "508C140C-2F87-4270-85B0-00EA6678A344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "3033A4A2-47E9-434F-BA0A-0F2476A67899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "4680089D-DEFB-41E3-AFAF-6DA9252F2DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "307ED99C-32B8-4C0C-8C55-E2BA6EDB961F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF4F0DE-DC05-4F06-BC2D-09BAEAB25184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1EDFB4-B0C8-4832-BCA1-C35D28877581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF60319C-CFFB-47F4-BDCB-90A5D0FB4240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "12A4541A-2560-482A-BAEA-275579B499B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "9006F64F-D72B-49C4-9F51-8AD9273957B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5698AB2-94DE-480D-9E55-C05871562B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "A44C0C8F-750B-4237-9E2F-1BEF67F2BCA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4CBE9C9-A1DE-4C68-B84D-C735A9A700E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "E330A535-A376-4BFF-BB1B-31E83370FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E389E1C-46A6-4B5C-9091-8AAE5FFDC4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1ADBDEE-1421-42E5-8DE2-404087613B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E2884A-615F-4063-8FB7-EC157C3EC07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BC41B7-272F-44BB-BD48-6C9231402526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "0138546B-3704-45FB-8115-05C12F9935D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F1D35-6073-49B0-8DD4-C58AEE2CC83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D87DA1D8-59AC-4372-BBFC-ED8BC6603AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*",
"matchCriteriaId": "5F56722F-F61A-404B-B0B2-1C92C22D0436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D00EBC44-B4AB-443F-A063-8C8CB64F5F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB68680-FA6D-4235-90DA-E3DF0E5BB666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E5BCBA5-0CE1-4112-8C3D-BAED9C5537B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3908B34C-823E-47BA-8A64-23547D2AB027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*",
"matchCriteriaId": "557C5437-4B40-4E89-A23D-96B95829281D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A3394AD1-C667-46E7-82D3-E2E381CCC9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "142588F8-15C3-4288-BE7C-B2F7447BD60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18418B-7477-436C-A24A-081701968DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A85C689-95E0-41F7-83D9-5A8B0AB42390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B116E9A-0646-4AD5-A531-C35124AB02DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3C25BA-72EF-4588-A90A-B323A3407FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "01FDAEBC-0B2E-4F60-8B59-13A93B1AF206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "E021DD71-1845-4899-BB87-8445147AD93F",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read."
},
{
"lang": "es",
"value": "libclamav/petite.c de ClamAV versiones anteriores a 0.93.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio a trav\u00e9s de un fichero Petite manipulado que dispara una lectura fuera del l\u00edmite."
}
],
"id": "CVE-2008-2713",
"lastModified": "2024-11-21T00:47:31.943",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-06-16T21:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://kolab.org/security/kolab-vendor-notice-21.txt"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30657"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30785"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30829"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/30967"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31091"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31167"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31206"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31437"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31576"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31882"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=605577\u0026group_id=86638"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel\u0026path=/branches/0.93/libclamav/petite.c\u0026rev=3886"
},
{
"source": "cve@mitre.org",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1616"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:122"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/06/15/2"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/06/17/8"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/29750"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1020305"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/1855/references"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43133"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00763.html"
},
{
"source": "cve@mitre.org",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kolab.org/security/kolab-vendor-notice-21.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30657"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30785"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30829"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30967"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31167"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31206"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=605577\u0026group_id=86638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel\u0026path=/branches/0.93/libclamav/petite.c\u0026rev=3886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1616"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:122"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/06/15/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/06/17/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/29750"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1020305"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1855/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43133"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00763.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-14 16:05
Modified
2024-11-21 00:43
Severity ?
Summary
Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.92 | |
| clam_anti-virus | clamav | 0.92.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "8670A5ED-C41E-40B9-B2C9-68F22734B444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.92.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8BE6F91-5442-4156-B137-E4AD3E21CF88",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer en la funci\u00f3n cli_scanpe de libclamav (libclamav/pe.c) para ClamAV 0.92 y 0.92.1, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un archivo Upack PE manipulado."
}
],
"id": "CVE-2008-1100",
"lastModified": "2024-11-21T00:43:40.780",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-14T16:05:00.000",
"references": [
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29000"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/29863"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/29886"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/29891"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/29975"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/30253"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/30328"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://secunia.com/advisories/31882"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2008-11/advisory/"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/858595"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/bid/28756"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.securitytracker.com/id?1019837"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2008/1218/references"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41789"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"source": "PSIRT-CNA@flexerasoftware.com",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=878"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29000"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29863"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29886"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/secunia_research/2008-11/advisory/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/858595"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28756"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019837"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1218/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41789"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=878"
}
],
"sourceIdentifier": "PSIRT-CNA@flexerasoftware.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2003-12-15 05:00
Modified
2024-11-20 23:45
Severity ?
Summary
Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a "MAIL FROM" command.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.60 | |
| clam_anti-virus | clamav | 0.60p |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257524-7FC5-40CA-9BDA-82B8565C5BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60p:*:*:*:*:*:*:*",
"matchCriteriaId": "35EBA938-DC66-40EA-8C66-38296AB57B57",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a \"MAIL FROM\" command."
},
{
"lang": "es",
"value": "Vulenrabilidad de formateo de cadenas en clamav-milter para Clam AntiVirus 0.60 hasta la .60p y otras versiones anteriores a la 0.65 permite que atacantes remotos provoquen una denegaci\u00f3n de servicio y posiblmente ejecuten c\u00f3digo arbitrario mediante un especificador de formato de cadena en el argumento FROM de la direcci\u00f3n de email ."
}
],
"id": "CVE-2003-0946",
"lastModified": "2024-11-20T23:45:54.147",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2003-12-15T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=106867135830683\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=197038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=106867135830683\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=197038"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-07 22:30
Modified
2024-11-21 00:32
Severity ?
Summary
Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| sun | solaris | * | |
| clam_anti-virus | clamav | 0.90 | |
| clam_anti-virus | clamav | 0.90.1 | |
| clam_anti-virus | clamav | 0.90.2 | |
| clam_anti-virus | clamav | 0.90_rc1.1 | |
| clam_anti-virus | clamav | 0.90_rc2 | |
| clam_anti-virus | clamav | 0.90_rc3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:sun:solaris:*:*:*:*:*:*:*:*",
"matchCriteriaId": "469B74F2-4B89-42B8-8638-731E92D463B9",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "142588F8-15C3-4288-BE7C-B2F7447BD60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18418B-7477-436C-A24A-081701968DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A85C689-95E0-41F7-83D9-5A8B0AB42390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B116E9A-0646-4AD5-A531-C35124AB02DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3C25BA-72EF-4588-A90A-B323A3407FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "01FDAEBC-0B2E-4F60-8B59-13A93B1AF206",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en el libclamav/phishcheck.c del ClamAV en versiones anteriores a 0.90.3 y en la 0.91 en versiones anteriores a 0.91rc1, cuando corre bajo Solaris, permite a atacantes remotos provocar una denegaci\u00f3n del servicio (cuelgue) a trav\u00e9s de vectores desconocidos relativos a la funci\u00f3n isURL y expresiones regulares."
}
],
"id": "CVE-2007-3025",
"lastModified": "2024-11-21T00:32:13.520",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-07T22:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25525"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-05-17 10:06
Modified
2024-11-21 00:11
Severity ?
Summary
freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.88 | |
| clam_anti-virus | clamxav | 1.0.3h |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*",
"matchCriteriaId": "5F56722F-F61A-404B-B0B2-1C92C22D0436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamxav:1.0.3h:*:*:*:*:*:*:*",
"matchCriteriaId": "9E9DBEDE-C414-4F98-A52E-30DD7B10B1C0",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file."
}
],
"id": "CVE-2006-2427",
"lastModified": "2024-11-21T00:11:17.730",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.2,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:L/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-05-17T10:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20085"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/912"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1016086"
},
{
"source": "cve@mitre.org",
"url": "http://www.digitalmunition.com/DMA%5B2006-0514a%5D.txt"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/434008/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1807"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26453"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/20085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/912"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securitytracker.com/id?1016086"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.digitalmunition.com/DMA%5B2006-0514a%5D.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/434008/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1807"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26453"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-04-16 21:19
Modified
2024-11-21 00:29
Severity ?
Summary
Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.90 | |
| clam_anti-virus | clamav | 0.90.1 | |
| clam_anti-virus | clamav | 0.90.2 | |
| clam_anti-virus | clamav | 0.90_rc1.1 | |
| clam_anti-virus | clamav | 0.90_rc2 | |
| clam_anti-virus | clamav | 0.90_rc3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "142588F8-15C3-4288-BE7C-B2F7447BD60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18418B-7477-436C-A24A-081701968DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A85C689-95E0-41F7-83D9-5A8B0AB42390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B116E9A-0646-4AD5-A531-C35124AB02DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3C25BA-72EF-4588-A90A-B323A3407FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "01FDAEBC-0B2E-4F60-8B59-13A93B1AF206",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow."
},
{
"lang": "es",
"value": "Error de presencia de signo en entero en las funciones (1) cab_unstore y (2) cab_extract en libclamav/cab.c de Clam AntiVirus (ClamAV) anterior a 0.90.2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un archivo CHM manipulado que contiene un entero negativo, que pasa una comparaci\u00f3n con signo y lleva a un desbordamiento de b\u00fafer basado en pila."
}
],
"id": "CVE-2007-1997",
"lastModified": "2024-11-21T00:29:38.993",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-04-16T21:19:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=513"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24891"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24920"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24946"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/24996"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25022"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25028"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25189"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=500765"
},
{
"source": "cve@mitre.org",
"url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1281"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/23473"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1017921"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2007/0013/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/1378"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33637"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=513"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/24891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/24996"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25022"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25028"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25189"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=500765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1281"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/23473"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1017921"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2007/0013/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/1378"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33637"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2004-03-30 05:00
Modified
2024-11-20 23:51
Severity ?
Summary
The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.51 | |
| clam_anti-virus | clamav | 0.52 | |
| clam_anti-virus | clamav | 0.53 | |
| clam_anti-virus | clamav | 0.54 | |
| clam_anti-virus | clamav | 0.60 | |
| clam_anti-virus | clamav | 0.65 | |
| clam_anti-virus | clamav | 0.67 | |
| clam_anti-virus | clamav | 0.68 | |
| clam_anti-virus | clamav | 0.68.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "BB72ED94-7832-43CF-81CF-27F88CAC6E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "2C48C927-2D02-4B7E-82C3-0BBF29AAB24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "802BFF6B-5D9F-49AE-B96A-86A85E0F1034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7B2943-BC22-4735-8AA5-AADBEA685FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257524-7FC5-40CA-9BDA-82B8565C5BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "0F52C121-B8B8-43A8-AFAB-E85474021919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "659B4C39-0F0F-40C5-9B7E-0D00330611F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7793F3D5-E93C-46C8-ADCA-EF60BF4EC3C4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The \"%f\" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name."
}
],
"id": "CVE-2004-1876",
"lastModified": "2024-11-20T23:51:57.390",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.6,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2004-03-30T05:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=108066864608615\u0026w=2"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11253"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200405-03.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10007"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15692"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=108066864608615\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/11253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://security.gentoo.org/glsa/glsa-200405-03.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/10007"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15692"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-08-28 01:17
Modified
2024-11-21 00:35
Severity ?
Summary
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D5A4D304-EEF9-46C3-B058-EC234F815824",
"versionEndIncluding": "0.91.1",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the \"recipient field of sendmail.\""
},
{
"lang": "es",
"value": "clamav-milter en ClamAV anterior a 0.91.2, cuando funciona en modo agujero negro (black hole), permite a atacantes remotos ejecutar comandos de su elecci\u00f3n a trav\u00e9s de metacaract\u00e9res del int\u00e9rprete de comandos que es utilizado en ciertas llamadas popen, afectando a \"el campo recipiente de sendmail\"."
}
],
"id": "CVE-2007-4560",
"lastModified": "2024-11-21T00:35:53.530",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.6,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-28T01:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26654"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26674"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26683"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26751"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26822"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26916"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3063"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1366"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.nruns.com/security_advisory_clamav_remote_code_exection.php"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/477723/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25439"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1018610"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3063"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.nruns.com/security_advisory_clamav_remote_code_exection.php"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/477723/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25439"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1018610"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-78"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-02 04:00
Modified
2024-11-20 23:54
Severity ?
Summary
ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.51 | |
| clam_anti-virus | clamav | 0.52 | |
| clam_anti-virus | clamav | 0.53 | |
| clam_anti-virus | clamav | 0.54 | |
| clam_anti-virus | clamav | 0.60 | |
| clam_anti-virus | clamav | 0.65 | |
| clam_anti-virus | clamav | 0.67 | |
| clam_anti-virus | clamav | 0.68 | |
| clam_anti-virus | clamav | 0.68.1 | |
| clam_anti-virus | clamav | 0.80 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "BB72ED94-7832-43CF-81CF-27F88CAC6E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "2C48C927-2D02-4B7E-82C3-0BBF29AAB24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "802BFF6B-5D9F-49AE-B96A-86A85E0F1034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7B2943-BC22-4735-8AA5-AADBEA685FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257524-7FC5-40CA-9BDA-82B8565C5BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "0F52C121-B8B8-43A8-AFAB-E85474021919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "659B4C39-0F0F-40C5-9B7E-0D00330611F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7793F3D5-E93C-46C8-ADCA-EF60BF4EC3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL."
}
],
"id": "CVE-2005-0218",
"lastModified": "2024-11-20T23:54:39.673",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-02T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://seclists.org/lists/fulldisclosure/2005/Jan/0332.html"
},
{
"source": "cve@mitre.org",
"url": "http://seclists.org/lists/fulldisclosure/2005/Jan/0537.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13900/"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=300116"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-46.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:025"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/lists/fulldisclosure/2005/Jan/0332.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/lists/fulldisclosure/2005/Jan/0537.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/13900/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=300116"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-46.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:025"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-05-01 19:06
Modified
2024-11-21 00:10
Severity ?
Summary
Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.88 | |
| clam_anti-virus | clamav | 0.88.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*",
"matchCriteriaId": "5F56722F-F61A-404B-B0B2-1C92C22D0436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D00EBC44-B4AB-443F-A063-8C8CB64F5F94",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nClam Anti-Virus, ClamAV, 0.88.2",
"id": "CVE-2006-1989",
"lastModified": "2024-11-21T00:10:15.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "HIGH",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 4.9,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-05-01T19:06:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://kolab.org/security/kolab-vendor-notice-09.txt"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19874"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19880"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19912"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19963"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/19964"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/20117"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/20159"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/20877"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1016392"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.clamav.net/security/0.88.2.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1050"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-03.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/599220"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:080"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_05_05.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/25120"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/17754"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2006/0024"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/1586"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/2566"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26182"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kolab.org/security/kolab-vendor-notice-09.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19874"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/19880"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19912"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19963"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/19964"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/20877"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1016392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.clamav.net/security/0.88.2.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1050"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-03.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.kb.cert.org/vuls/id/599220"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:080"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_05_05.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/25120"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/17754"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2006/0024"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/1586"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/2566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26182"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-05-27 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked.
References
| ▼ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://securitytracker.com/id?1014070 | Patch, Vendor Advisory | |
| cve@mitre.org | http://www.sentinelchicken.com/advisories/clamav | Exploit, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://securitytracker.com/id?1014070 | Patch, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.sentinelchicken.com/advisories/clamav | Exploit, Vendor Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8B796948-15AD-4A30-8251-67444175A777",
"versionEndIncluding": "0.84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked."
},
{
"lang": "es",
"value": "La funci\u00f3n filecopy en misc.c en Clam AntiVirus (ClamAV) en versiones anteriores a 0.85, en Mac OS, permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un virus en un nombre de archivo que contiene metacaract\u00e9res shell, que no son manejados adecuadamente cuando permisos HFS impiden que el archivo sea borrado y el mismo se invoca."
}
],
"id": "CVE-2005-1795",
"lastModified": "2024-11-20T23:58:09.210",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-05-27T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1014070"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.sentinelchicken.com/advisories/clamav"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://securitytracker.com/id?1014070"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.sentinelchicken.com/advisories/clamav"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-20"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-11-16 07:42
Modified
2024-11-21 00:02
Severity ?
Summary
Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.15 | |
| clam_anti-virus | clamav | 0.20 | |
| clam_anti-virus | clamav | 0.21 | |
| clam_anti-virus | clamav | 0.22 | |
| clam_anti-virus | clamav | 0.23 | |
| clam_anti-virus | clamav | 0.24 | |
| clam_anti-virus | clamav | 0.51 | |
| clam_anti-virus | clamav | 0.52 | |
| clam_anti-virus | clamav | 0.53 | |
| clam_anti-virus | clamav | 0.54 | |
| clam_anti-virus | clamav | 0.60 | |
| clam_anti-virus | clamav | 0.65 | |
| clam_anti-virus | clamav | 0.67 | |
| clam_anti-virus | clamav | 0.68 | |
| clam_anti-virus | clamav | 0.68.1 | |
| clam_anti-virus | clamav | 0.70 | |
| clam_anti-virus | clamav | 0.71 | |
| clam_anti-virus | clamav | 0.72 | |
| clam_anti-virus | clamav | 0.73 | |
| clam_anti-virus | clamav | 0.74 | |
| clam_anti-virus | clamav | 0.75 | |
| clam_anti-virus | clamav | 0.75.1 | |
| clam_anti-virus | clamav | 0.80 | |
| clam_anti-virus | clamav | 0.81 | |
| clam_anti-virus | clamav | 0.82 | |
| clam_anti-virus | clamav | 0.83 | |
| clam_anti-virus | clamav | 0.84 | |
| clam_anti-virus | clamav | 0.85 | |
| clam_anti-virus | clamav | 0.85.1 | |
| clam_anti-virus | clamav | 0.86 | |
| clam_anti-virus | clamav | 0.86.1 | |
| clam_anti-virus | clamav | 0.86.2 | |
| clam_anti-virus | clamav | 0.87 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9A0FA4-A4AE-4C90-98DA-8AF5ABB03CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E9BC10-5F5B-499A-893C-1EEF6F1180B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "06A9B47A-8FC3-4BD2-A55F-9150307619B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "7068873F-E45D-4471-B55E-BF7B0E3AFEEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "695F0967-1529-42DB-8978-8B9192F7F615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "073BBAA9-7C7B-4D07-8943-7459DD2BAAC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "BB72ED94-7832-43CF-81CF-27F88CAC6E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "2C48C927-2D02-4B7E-82C3-0BBF29AAB24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "802BFF6B-5D9F-49AE-B96A-86A85E0F1034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7B2943-BC22-4735-8AA5-AADBEA685FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257524-7FC5-40CA-9BDA-82B8565C5BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "0F52C121-B8B8-43A8-AFAB-E85474021919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "659B4C39-0F0F-40C5-9B7E-0D00330611F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7793F3D5-E93C-46C8-ADCA-EF60BF4EC3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "508C140C-2F87-4270-85B0-00EA6678A344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "3033A4A2-47E9-434F-BA0A-0F2476A67899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "4680089D-DEFB-41E3-AFAF-6DA9252F2DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "307ED99C-32B8-4C0C-8C55-E2BA6EDB961F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF4F0DE-DC05-4F06-BC2D-09BAEAB25184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1EDFB4-B0C8-4832-BCA1-C35D28877581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF60319C-CFFB-47F4-BDCB-90A5D0FB4240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "E330A535-A376-4BFF-BB1B-31E83370FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E2884A-615F-4063-8FB7-EC157C3EC07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BC41B7-272F-44BB-BD48-6C9231402526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F1D35-6073-49B0-8DD4-C58AEE2CC83C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors."
}
],
"id": "CVE-2005-3587",
"lastModified": "2024-11-21T00:02:14.617",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-11-16T07:42:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-04-16 16:05
Modified
2024-11-21 00:45
Severity ?
Summary
libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CC4CA71C-AF06-4FB8-BF94-AE637D04AFF5",
"versionEndIncluding": "0.92.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9A0FA4-A4AE-4C90-98DA-8AF5ABB03CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E9BC10-5F5B-499A-893C-1EEF6F1180B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "06A9B47A-8FC3-4BD2-A55F-9150307619B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "7068873F-E45D-4471-B55E-BF7B0E3AFEEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "695F0967-1529-42DB-8978-8B9192F7F615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "073BBAA9-7C7B-4D07-8943-7459DD2BAAC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "BB72ED94-7832-43CF-81CF-27F88CAC6E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "2C48C927-2D02-4B7E-82C3-0BBF29AAB24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "802BFF6B-5D9F-49AE-B96A-86A85E0F1034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7B2943-BC22-4735-8AA5-AADBEA685FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257524-7FC5-40CA-9BDA-82B8565C5BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60p:*:*:*:*:*:*:*",
"matchCriteriaId": "35EBA938-DC66-40EA-8C66-38296AB57B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "0F52C121-B8B8-43A8-AFAB-E85474021919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "659B4C39-0F0F-40C5-9B7E-0D00330611F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7793F3D5-E93C-46C8-ADCA-EF60BF4EC3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "508C140C-2F87-4270-85B0-00EA6678A344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "3033A4A2-47E9-434F-BA0A-0F2476A67899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "4680089D-DEFB-41E3-AFAF-6DA9252F2DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "307ED99C-32B8-4C0C-8C55-E2BA6EDB961F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF4F0DE-DC05-4F06-BC2D-09BAEAB25184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1EDFB4-B0C8-4832-BCA1-C35D28877581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF60319C-CFFB-47F4-BDCB-90A5D0FB4240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "12A4541A-2560-482A-BAEA-275579B499B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "9006F64F-D72B-49C4-9F51-8AD9273957B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5698AB2-94DE-480D-9E55-C05871562B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "A44C0C8F-750B-4237-9E2F-1BEF67F2BCA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4CBE9C9-A1DE-4C68-B84D-C735A9A700E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "E330A535-A376-4BFF-BB1B-31E83370FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E389E1C-46A6-4B5C-9091-8AAE5FFDC4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1ADBDEE-1421-42E5-8DE2-404087613B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E2884A-615F-4063-8FB7-EC157C3EC07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BC41B7-272F-44BB-BD48-6C9231402526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "0138546B-3704-45FB-8115-05C12F9935D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F1D35-6073-49B0-8DD4-C58AEE2CC83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D87DA1D8-59AC-4372-BBFC-ED8BC6603AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*",
"matchCriteriaId": "5F56722F-F61A-404B-B0B2-1C92C22D0436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D00EBC44-B4AB-443F-A063-8C8CB64F5F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB68680-FA6D-4235-90DA-E3DF0E5BB666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E5BCBA5-0CE1-4112-8C3D-BAED9C5537B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3908B34C-823E-47BA-8A64-23547D2AB027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*",
"matchCriteriaId": "557C5437-4B40-4E89-A23D-96B95829281D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A3394AD1-C667-46E7-82D3-E2E381CCC9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "142588F8-15C3-4288-BE7C-B2F7447BD60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18418B-7477-436C-A24A-081701968DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A85C689-95E0-41F7-83D9-5A8B0AB42390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B116E9A-0646-4AD5-A531-C35124AB02DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3C25BA-72EF-4588-A90A-B323A3407FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "01FDAEBC-0B2E-4F60-8B59-13A93B1AF206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "E021DD71-1845-4899-BB87-8445147AD93F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "CC992A3B-24B4-48D8-BFBF-9B7884D11D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFAC7BA-2A39-46A8-BF91-5537532F45D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91.2:*:*:*:*:*:*:*",
"matchCriteriaId": "733CB165-98CD-4F8E-8A6D-07CF522634BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C721E8E3-FB32-41A1-B572-7DB06D9ECB74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "4DCE173B-6229-42C9-8481-66F5727E464A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "8670A5ED-C41E-40B9-B2C9-68F22734B444",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger \"memory problems,\" as demonstrated by the PROTOS GENOME test suite for Archive Formats."
},
{
"lang": "es",
"value": "libclamunrar de ClamAV before 0.93 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) a trav\u00e9s de ficheros RAR manipulados que disparan \"problemas de memoria\", tal como lo demostrado por el paquete de pruebas PROTOS GENOME de Archive Formats."
}
],
"id": "CVE-2008-1837",
"lastModified": "2024-11-21T00:45:28.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-04-16T16:05:00.000",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/29891"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/30328"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31576"
},
{
"source": "secalert@redhat.com",
"url": "http://secunia.com/advisories/31882"
},
{
"source": "secalert@redhat.com",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"source": "secalert@redhat.com",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"source": "secalert@redhat.com",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"source": "secalert@redhat.com",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "secalert@redhat.com",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41870"
},
{
"source": "secalert@redhat.com",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=898"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29891"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/30328"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31576"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41870"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=898"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
},
{
"lang": "en",
"value": "NVD-CWE-noinfo"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-12-20 01:46
Modified
2024-11-21 00:39
Severity ?
Summary
Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "15D4A58F-9A7C-40CA-940F-ADF8CF91ACB0",
"versionEndIncluding": "0.92",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Desbordamiento de buffer en libclamav en ClamAV , en versiones anteriores a la 0.92. Permite que atacantes remotos ejecuten c\u00f3digo a su elecci\u00f3n, a trav\u00e9s de un fichero PE empaquetado con MEW, lo que provoca un desboramiento de buffer en el heap(pila de datos din\u00e1micos)."
}
],
"id": "CVE-2007-6335",
"lastModified": "2024-11-21T00:39:54.037",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-12-20T01:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "cve@mitre.org",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28117"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28153"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28176"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28278"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28412"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28421"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/28587"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1435"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26927"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1019112"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/4253"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39119"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/4862"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28117"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/28587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26927"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1019112"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/4253"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39119"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/4862"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-07 21:30
Modified
2024-11-21 00:32
Severity ?
Summary
unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.90 | |
| clam_anti-virus | clamav | 0.90.1 | |
| clam_anti-virus | clamav | 0.90.2 | |
| clam_anti-virus | clamav | 0.90_rc1.1 | |
| clam_anti-virus | clamav | 0.90_rc2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "142588F8-15C3-4288-BE7C-B2F7447BD60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18418B-7477-436C-A24A-081701968DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A85C689-95E0-41F7-83D9-5A8B0AB42390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B116E9A-0646-4AD5-A531-C35124AB02DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3C25BA-72EF-4588-A90A-B323A3407FAD",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors."
},
{
"lang": "es",
"value": "unsp.c en el ClamAV en versiones anteriores a la 0.90.3 y la 0.91 anterior a la 0.91rc1 no calcula adecuadamente el final de ciertos b\u00fafer, lo que tiene un impacto desconocido y vectores de ataque remotos."
}
],
"id": "CVE-2007-3023",
"lastModified": "2024-11-21T00:32:13.203",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 10.0,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 10.0,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-07T21:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"source": "cve@mitre.org",
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36908"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25523"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25525"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25688"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25796"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
},
{
"source": "cve@mitre.org",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/24358"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=464"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36908"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/24358"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=464"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-06-07 21:30
Modified
2024-11-21 00:32
Severity ?
Summary
The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.90 | |
| clam_anti-virus | clamav | 0.90.1 | |
| clam_anti-virus | clamav | 0.90.2 | |
| clam_anti-virus | clamav | 0.90_rc1.1 | |
| clam_anti-virus | clamav | 0.90_rc2 | |
| clam_anti-virus | clamav | 0.90_rc3 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "142588F8-15C3-4288-BE7C-B2F7447BD60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18418B-7477-436C-A24A-081701968DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A85C689-95E0-41F7-83D9-5A8B0AB42390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B116E9A-0646-4AD5-A531-C35124AB02DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3C25BA-72EF-4588-A90A-B323A3407FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "01FDAEBC-0B2E-4F60-8B59-13A93B1AF206",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR."
},
{
"lang": "es",
"value": "El motor de an\u00e1lisis sint\u00e1ctico del ClamAV anterior al 0.90.3 y el 0.91 anterior al 0.91rc1, permite a atacantes remotos evitar el escaneo mediante un fichero RAR con una bandera de la cabecera con valor 10, lo que puede ser procesado por el WinRAR."
}
],
"id": "CVE-2007-3122",
"lastModified": "2024-11-21T00:32:27.447",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-06-07T21:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/45392"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25523"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25525"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25688"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/25796"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
},
{
"source": "cve@mitre.org",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34823"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=511"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/45392"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25523"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25525"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25688"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/25796"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34823"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=511"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-07-18 16:41
Modified
2024-11-21 00:48
Severity ?
Summary
libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.88.2 | |
| clam_anti-virus | clamav | 0.88.4 | |
| clam_anti-virus | clamav | 0.88.5 | |
| clam_anti-virus | clamav | 0.88.6 | |
| clam_anti-virus | clamav | 0.88.7 | |
| clam_anti-virus | clamav | 0.88.7 | |
| clam_anti-virus | clamav | 0.88.7 | |
| clam_anti-virus | clamav | 0.90 | |
| clam_anti-virus | clamav | 0.90.1 | |
| clam_anti-virus | clamav | 0.90.1 | |
| clam_anti-virus | clamav | 0.90.2 | |
| clam_anti-virus | clamav | 0.90.2 | |
| clam_anti-virus | clamav | 0.90.3 | |
| clam_anti-virus | clamav | 0.90.3 | |
| clam_anti-virus | clamav | 0.90.3 | |
| clam_anti-virus | clamav | 0.91.2 | |
| clam_anti-virus | clamav | 0.92 | |
| clam_anti-virus | clamav | 0.92.1 | |
| clam_anti-virus | clamav | 0.93 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FFFA6F1E-9F25-400C-B626-3B9EDA396913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E5BCBA5-0CE1-4112-8C3D-BAED9C5537B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3908B34C-823E-47BA-8A64-23547D2AB027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*",
"matchCriteriaId": "557C5437-4B40-4E89-A23D-96B95829281D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A3394AD1-C667-46E7-82D3-E2E381CCC9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.7:p0:*:*:*:*:*:*",
"matchCriteriaId": "B44285AE-655B-4959-A7DC-4FADFF65F7C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.7:p1:*:*:*:*:*:*",
"matchCriteriaId": "E702EF3E-D8B8-4D98-AFB0-ADB1223BF43E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "142588F8-15C3-4288-BE7C-B2F7447BD60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18418B-7477-436C-A24A-081701968DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:p0:*:*:*:*:*:*",
"matchCriteriaId": "1BDC65CA-CE5D-4B69-B71B-CEE18DC85945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A85C689-95E0-41F7-83D9-5A8B0AB42390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:p0:*:*:*:*:*:*",
"matchCriteriaId": "E72D92F1-6316-4CCF-89A8-03FBAD10E6AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC24A055-278C-4A78-8C68-AC7618EF3EF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.3:p0:*:*:*:*:*:*",
"matchCriteriaId": "04440EB7-E69B-4994-B058-9B476E061495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "01E81F38-9805-4FD8-8867-48C06762349B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91.2:p0:*:*:*:*:*:*",
"matchCriteriaId": "EE5B77A2-99D7-4553-B29F-B9EE15B96218",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.92:p0:*:*:*:*:*:*",
"matchCriteriaId": "D8364198-B569-43FB-A946-A46969BCF2F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.92.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8BE6F91-5442-4156-B137-E4AD3E21CF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "40F14DB9-8437-4CEB-9D63-098FD9E604E7",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713."
},
{
"lang": "es",
"value": "libclamav/petite.c en ClamAV anterior a 0.93.3 permite a atacantes remotos causar una denegaci\u00f3n de servicio mediante un fichero Petite mal formado que ocasiona un acceso a memoria fuera del rango. NOTA: este problema existe debido a una reparaci\u00f3n incompleta de CVE-2008-2713."
}
],
"id": "CVE-2008-3215",
"lastModified": "2024-11-21T00:48:43.287",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-07-18T16:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html"
},
{
"source": "cve@mitre.org",
"url": "http://lurker.clamav.net/message/20080707.155612.ad411b00.en.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31091"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31437"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/31882"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel\u0026path=/branches/0.93/libclamav/petite.c\u0026rev=3920"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:166"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/5"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/1"
},
{
"source": "cve@mitre.org",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44200"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00606.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html"
},
{
"source": "cve@mitre.org",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000#c4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lurker.clamav.net/message/20080707.155612.ad411b00.en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31091"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31437"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/31882"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel\u0026path=/branches/0.93/libclamav/petite.c\u0026rev=3920"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"US Government Resource"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00606.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000#c4"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-11-20 02:46
Modified
2024-11-21 00:39
Severity ?
Summary
Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.91.1 | |
| clam_anti-virus | clamav | 0.91.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFAC7BA-2A39-46A8-BF91-5537532F45D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91.2:*:*:*:*:*:*:*",
"matchCriteriaId": "733CB165-98CD-4F8E-8A6D-07CF522634BA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en ClamAV 0.91.1 y 0.91.2 permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n mediante un mensaje de correo electr\u00f3nico manipulado.\r\nNOTA: Esta informaci\u00f3n se basa en una vaga descripci\u00f3n de una organizaci\u00f3n de venta de informaci\u00f3n de vulnerabilidades que no se coordina con los fabricantes o con los comunicados de correcciones de versiones. Se le asigna un CVE por cuestiones de seguimiento, pero es complicado determinar duplicidad con otros CVEs."
}
],
"id": "CVE-2007-6029",
"lastModified": "2024-11-21T00:39:12.650",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-11-20T02:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://wabisabilabi.blogspot.com/2007/11/focus-on-clamav-remote-code-execution.html"
},
{
"source": "cve@mitre.org",
"url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000069"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/26463"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wabisabilabi.blogspot.com/2007/11/focus-on-clamav-remote-code-execution.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000069"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/26463"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-94"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-12-03 17:30
Modified
2024-11-21 00:53
Severity ?
Summary
Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "EC7AF1DF-A5B0-4A28-8039-8195135DC02B",
"versionEndIncluding": "0.94.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "508C140C-2F87-4270-85B0-00EA6678A344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "3033A4A2-47E9-434F-BA0A-0F2476A67899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "4680089D-DEFB-41E3-AFAF-6DA9252F2DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "307ED99C-32B8-4C0C-8C55-E2BA6EDB961F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF4F0DE-DC05-4F06-BC2D-09BAEAB25184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1EDFB4-B0C8-4832-BCA1-C35D28877581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF60319C-CFFB-47F4-BDCB-90A5D0FB4240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:rc:*:*:*:*:*:*",
"matchCriteriaId": "5909491A-3D43-4648-B0F9-983BF2BE13B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3DB0BD14-60D1-4482-A91E-AFA501DE1F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:rc3:*:*:*:*:*:*",
"matchCriteriaId": "FFFDE6BB-38A1-4074-A3E1-E59BB5E7ED74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:rc4:*:*:*:*:*:*",
"matchCriteriaId": "79FC2D39-6F8E-4267-8D4B-0C59D28A0E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:rc1:*:*:*:*:*:*",
"matchCriteriaId": "89533C50-275D-440D-88B4-363B3DED39E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "E330A535-A376-4BFF-BB1B-31E83370FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E787E42E-3339-47FD-904E-5E3C73991CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F21E03C7-0293-402C-ACAE-41E7F11B7AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B8BD1ADF-C784-4E43-A6A5-09D416E96AE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E2884A-615F-4063-8FB7-EC157C3EC07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BC41B7-272F-44BB-BD48-6C9231402526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F1D35-6073-49B0-8DD4-C58AEE2CC83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D87DA1D8-59AC-4372-BBFC-ED8BC6603AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*",
"matchCriteriaId": "5F56722F-F61A-404B-B0B2-1C92C22D0436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D00EBC44-B4AB-443F-A063-8C8CB64F5F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FFFA6F1E-9F25-400C-B626-3B9EDA396913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB68680-FA6D-4235-90DA-E3DF0E5BB666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E5BCBA5-0CE1-4112-8C3D-BAED9C5537B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3908B34C-823E-47BA-8A64-23547D2AB027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*",
"matchCriteriaId": "557C5437-4B40-4E89-A23D-96B95829281D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A3394AD1-C667-46E7-82D3-E2E381CCC9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "142588F8-15C3-4288-BE7C-B2F7447BD60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18418B-7477-436C-A24A-081701968DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A85C689-95E0-41F7-83D9-5A8B0AB42390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC24A055-278C-4A78-8C68-AC7618EF3EF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "CC992A3B-24B4-48D8-BFBF-9B7884D11D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFAC7BA-2A39-46A8-BF91-5537532F45D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91.2:*:*:*:*:*:*:*",
"matchCriteriaId": "733CB165-98CD-4F8E-8A6D-07CF522634BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "8670A5ED-C41E-40B9-B2C9-68F22734B444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.92.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8BE6F91-5442-4156-B137-E4AD3E21CF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "40F14DB9-8437-4CEB-9D63-098FD9E604E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.93.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C92175-5E97-4197-8495-25900134B652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.93.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF50FEF-9840-4B6C-BC60-02956F9E3099",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.94:*:*:*:*:*:*:*",
"matchCriteriaId": "67373928-C0E0-4A12-B97A-575EC57E5072",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions."
},
{
"lang": "es",
"value": "Vulnerabilidad de consumo de pila en el archivo libclamav/special.c en ClamAV y versiones anteriores 0.94.2, que permite a los atacantes remotos causar una denegaci\u00f3n de servicios (ca\u00edda de demonio) a trav\u00e9s de un archivo JPEG manipulado, relativo a las funciones cli_check_jpeg_exploit, jpeg_check_photoshop y jpeg_check_photoshop_8bim."
}
],
"id": "CVE-2008-5314",
"lastModified": "2024-11-21T00:53:48.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-12-03T17:30:00.477",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html"
},
{
"source": "cve@mitre.org",
"url": "http://lurker.clamav.net/message/20081126.150241.55b1e092.en.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/50363"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32926"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32936"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33016"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33195"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33317"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33937"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200812-21.xml"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=643134"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3438"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1680"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:239"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2008/12/01/8"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/32555"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021296"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-684-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3311"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0422"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46985"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/7330"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1266"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lurker.clamav.net/message/20081126.150241.55b1e092.en.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/50363"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32926"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32936"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33195"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200812-21.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=643134"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:239"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2008/12/01/8"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/32555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-684-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3311"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46985"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/7330"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1266"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-07-05 04:00
Modified
2024-11-20 23:58
Severity ?
Summary
The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.81 | |
| clam_anti-virus | clamav | 0.82 | |
| clam_anti-virus | clamav | 0.83 | |
| clam_anti-virus | clamav | 0.84_rc1 | |
| clam_anti-virus | clamav | 0.84_rc2 | |
| clam_anti-virus | clamav | 0.85 | |
| clam_anti-virus | clamav | 0.85.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E389E1C-46A6-4B5C-9091-8AAE5FFDC4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1ADBDEE-1421-42E5-8DE2-404087613B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function."
}
],
"id": "CVE-2005-1922",
"lastModified": "2024-11-20T23:58:25.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-07-05T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=336462"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-737"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=276\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=336462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-737"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://www.idefense.com/application/poi/display?id=276\u0026type=vulnerabilities\u0026flashstatus=true"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-08-03 04:00
Modified
2024-11-20 23:59
Severity ?
Summary
Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.85 | |
| clam_anti-virus | clamav | 0.85.1 | |
| clam_anti-virus | clamav | 0.86 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message."
},
{
"lang": "es",
"value": "M\u00faltiples desbordamientos de b\u00fafer en los procesadores de formato de fichero NEF, CHM y FSG en libclamav for Clam AntiVirus (ClamAV) 0.86.1 y anteriores permite que atacantes remotos ganen privilegios mediante un e-mail ama\u00f1ado."
}
],
"id": "CVE-2005-2450",
"lastModified": "2024-11-20T23:59:34.913",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-08-03T04:00:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000987"
},
{
"source": "cve@mitre.org",
"url": "http://marc.info/?l=bugtraq\u0026m=112230864412932\u0026w=2"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/16180"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/16229"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/16250"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/16296"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/16458"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200507-25.xml"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=344514"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/18257"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/18258"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/18259"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/14359"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000987"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://marc.info/?l=bugtraq\u0026m=112230864412932\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16180"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16250"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16296"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16458"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200507-25.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=344514"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/18257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/18258"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/18259"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14359"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21555"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-07-12 16:30
Modified
2024-11-21 00:33
Severity ?
Summary
The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9A0FA4-A4AE-4C90-98DA-8AF5ABB03CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E9BC10-5F5B-499A-893C-1EEF6F1180B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "06A9B47A-8FC3-4BD2-A55F-9150307619B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "7068873F-E45D-4471-B55E-BF7B0E3AFEEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "695F0967-1529-42DB-8978-8B9192F7F615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "073BBAA9-7C7B-4D07-8943-7459DD2BAAC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "BB72ED94-7832-43CF-81CF-27F88CAC6E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "2C48C927-2D02-4B7E-82C3-0BBF29AAB24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "802BFF6B-5D9F-49AE-B96A-86A85E0F1034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7B2943-BC22-4735-8AA5-AADBEA685FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257524-7FC5-40CA-9BDA-82B8565C5BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60p:*:*:*:*:*:*:*",
"matchCriteriaId": "35EBA938-DC66-40EA-8C66-38296AB57B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "0F52C121-B8B8-43A8-AFAB-E85474021919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "659B4C39-0F0F-40C5-9B7E-0D00330611F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7793F3D5-E93C-46C8-ADCA-EF60BF4EC3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "508C140C-2F87-4270-85B0-00EA6678A344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "3033A4A2-47E9-434F-BA0A-0F2476A67899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "4680089D-DEFB-41E3-AFAF-6DA9252F2DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "307ED99C-32B8-4C0C-8C55-E2BA6EDB961F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF4F0DE-DC05-4F06-BC2D-09BAEAB25184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1EDFB4-B0C8-4832-BCA1-C35D28877581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF60319C-CFFB-47F4-BDCB-90A5D0FB4240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "12A4541A-2560-482A-BAEA-275579B499B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "9006F64F-D72B-49C4-9F51-8AD9273957B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5698AB2-94DE-480D-9E55-C05871562B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "A44C0C8F-750B-4237-9E2F-1BEF67F2BCA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4CBE9C9-A1DE-4C68-B84D-C735A9A700E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "E330A535-A376-4BFF-BB1B-31E83370FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E389E1C-46A6-4B5C-9091-8AAE5FFDC4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1ADBDEE-1421-42E5-8DE2-404087613B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E2884A-615F-4063-8FB7-EC157C3EC07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BC41B7-272F-44BB-BD48-6C9231402526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "0138546B-3704-45FB-8115-05C12F9935D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F1D35-6073-49B0-8DD4-C58AEE2CC83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D87DA1D8-59AC-4372-BBFC-ED8BC6603AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*",
"matchCriteriaId": "5F56722F-F61A-404B-B0B2-1C92C22D0436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D00EBC44-B4AB-443F-A063-8C8CB64F5F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB68680-FA6D-4235-90DA-E3DF0E5BB666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E5BCBA5-0CE1-4112-8C3D-BAED9C5537B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3908B34C-823E-47BA-8A64-23547D2AB027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*",
"matchCriteriaId": "557C5437-4B40-4E89-A23D-96B95829281D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A3394AD1-C667-46E7-82D3-E2E381CCC9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "142588F8-15C3-4288-BE7C-B2F7447BD60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B116E9A-0646-4AD5-A531-C35124AB02DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3C25BA-72EF-4588-A90A-B323A3407FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "01FDAEBC-0B2E-4F60-8B59-13A93B1AF206",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference."
},
{
"lang": "es",
"value": "El m\u00f3dulo RAR VM (unrarvm.c) de Clam Antivirus (ClamAV) anterior a 0.91 permite a atacantes remotos con la intervenci\u00f3n del usuario provocar una denegaci\u00f3n de servicio (ca\u00edda) mediante un archivo RAR manipulado, resultando en una referencia a punero nulo (NULL)."
}
],
"id": "CVE-2007-3725",
"lastModified": "2024-11-21T00:33:55.033",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-07-12T16:30:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "cve@mitre.org",
"url": "http://kolab.org/security/kolab-vendor-notice-16.txt"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064569.html"
},
{
"source": "cve@mitre.org",
"url": "http://osvdb.org/36907"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26038"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26164"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26209"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26226"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26231"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26377"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200708-04.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1340"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:150"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.metaeye.org/advisories/54"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/473371/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2007/0023/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2509"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2643"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35367"
},
{
"source": "cve@mitre.org",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kolab.org/security/kolab-vendor-notice-16.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064569.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://osvdb.org/36907"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26038"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26164"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26209"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26226"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26231"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26377"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200708-04.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1340"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Patch",
"Vendor Advisory"
],
"url": "http://www.metaeye.org/advisories/54"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/473371/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2007/0023/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2509"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2643"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35367"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-08-23 19:17
Modified
2024-11-21 00:35
Severity ?
Summary
ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | * | |
| kolab | kolab_server | 2.0 | |
| kolab | kolab_server | 2.0.1 | |
| kolab | kolab_server | 2.0.2 | |
| kolab | kolab_server | 2.0.3 | |
| kolab | kolab_server | 2.0.4 | |
| kolab | kolab_server | 2.1 | |
| kolab | kolab_server | 2.2beta1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0A6B4E75-086D-4141-9C09-0C13F5AC2456",
"versionEndIncluding": "0.91.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kolab:kolab_server:2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "B44412B2-C4BE-48E3-9E6F-E76431287A55",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kolab:kolab_server:2.0.1:*:*:*:*:*:*:*",
"matchCriteriaId": "56D0BD75-65EE-41CA-A646-F476543D5D88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kolab:kolab_server:2.0.2:*:*:*:*:*:*:*",
"matchCriteriaId": "DB32C390-2F52-420E-AF61-345B086860D9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kolab:kolab_server:2.0.3:*:*:*:*:*:*:*",
"matchCriteriaId": "C65A4464-1321-4735-9A0E-E4AEBB47AE2A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kolab:kolab_server:2.0.4:*:*:*:*:*:*:*",
"matchCriteriaId": "6B9E1099-5E39-42BE-B3CF-64CEC56466C7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kolab:kolab_server:2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DA9889A6-0A8C-4313-A976-F641E9190436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:kolab:kolab_server:2.2beta1:*:*:*:*:*:*:*",
"matchCriteriaId": "6C011D46-31F9-47BC-8BF2-682823B0F2DE",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information."
},
{
"lang": "es",
"value": "ClamAV anterior a 0.91.2, usado en Kolab Server 2.0 hasta 2.2.beta1 y otros productos, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) mediante (1) un archivo RTF manipulado, que dispara una referencia a NULL en la funci\u00f3n cli-scanrtf de libclamav/rtf.c; o (2) un documento HTML manipulado con un URI data:, el cual dispara una referencia a NULL en la funci\u00f3n cli_html_normalise de libclamav/htmlnorm.c. NOTA: algunos de estos detalles se han obtenido de informaci\u00f3n de terceros."
}
],
"id": "CVE-2007-4510",
"lastModified": "2024-11-21T00:35:46.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-08-23T19:17:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "cve@mitre.org",
"url": "http://kolab.org/security/kolab-vendor-notice-17.txt"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26530"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26552"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26654"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26674"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26683"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26751"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26822"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/26916"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/3054"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=533658"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1366"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25398"
},
{
"source": "cve@mitre.org",
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2007/2952"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36173"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36177"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"
},
{
"source": "cve@mitre.org",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=582"
},
{
"source": "cve@mitre.org",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=611"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kolab.org/security/kolab-vendor-notice-17.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26530"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/26552"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26654"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26674"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26683"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26751"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26822"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/26916"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/3054"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=533658"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1366"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/25398"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2007/2952"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36173"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36177"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=582"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=611"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-10-16 23:07
Modified
2024-11-21 00:18
Severity ?
Summary
Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location."
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8D7A91DF-84B4-4E45-8675-E107D8BCD070",
"versionEndIncluding": "0.88.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:.:*:*:*:*:*:*:*",
"matchCriteriaId": "1B4BB686-4159-41D9-9AE2-67AF2FCDE0EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9A0FA4-A4AE-4C90-98DA-8AF5ABB03CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E9BC10-5F5B-499A-893C-1EEF6F1180B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "06A9B47A-8FC3-4BD2-A55F-9150307619B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "7068873F-E45D-4471-B55E-BF7B0E3AFEEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "695F0967-1529-42DB-8978-8B9192F7F615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "073BBAA9-7C7B-4D07-8943-7459DD2BAAC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "BB72ED94-7832-43CF-81CF-27F88CAC6E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "2C48C927-2D02-4B7E-82C3-0BBF29AAB24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "802BFF6B-5D9F-49AE-B96A-86A85E0F1034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7B2943-BC22-4735-8AA5-AADBEA685FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257524-7FC5-40CA-9BDA-82B8565C5BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60p:*:*:*:*:*:*:*",
"matchCriteriaId": "35EBA938-DC66-40EA-8C66-38296AB57B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "0F52C121-B8B8-43A8-AFAB-E85474021919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "659B4C39-0F0F-40C5-9B7E-0D00330611F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7793F3D5-E93C-46C8-ADCA-EF60BF4EC3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "508C140C-2F87-4270-85B0-00EA6678A344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "3033A4A2-47E9-434F-BA0A-0F2476A67899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "4680089D-DEFB-41E3-AFAF-6DA9252F2DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "307ED99C-32B8-4C0C-8C55-E2BA6EDB961F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF4F0DE-DC05-4F06-BC2D-09BAEAB25184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1EDFB4-B0C8-4832-BCA1-C35D28877581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF60319C-CFFB-47F4-BDCB-90A5D0FB4240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "12A4541A-2560-482A-BAEA-275579B499B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "9006F64F-D72B-49C4-9F51-8AD9273957B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5698AB2-94DE-480D-9E55-C05871562B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "A44C0C8F-750B-4237-9E2F-1BEF67F2BCA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4CBE9C9-A1DE-4C68-B84D-C735A9A700E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "E330A535-A376-4BFF-BB1B-31E83370FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E389E1C-46A6-4B5C-9091-8AAE5FFDC4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1ADBDEE-1421-42E5-8DE2-404087613B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E2884A-615F-4063-8FB7-EC157C3EC07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BC41B7-272F-44BB-BD48-6C9231402526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "0138546B-3704-45FB-8115-05C12F9935D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F1D35-6073-49B0-8DD4-C58AEE2CC83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D87DA1D8-59AC-4372-BBFC-ED8BC6603AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*",
"matchCriteriaId": "5F56722F-F61A-404B-B0B2-1C92C22D0436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D00EBC44-B4AB-443F-A063-8C8CB64F5F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB68680-FA6D-4235-90DA-E3DF0E5BB666",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to \"read an invalid memory location.\""
},
{
"lang": "es",
"value": "Vulnerabilidad no especificada en ClamAV anterior a 0.88.5 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda del servicio de escaneo) mediante un archivo de Ayuda HTML comprimida (CHM) creado artesanalmente que hace que ClamAV lea una posici\u00f3n de memoria inv\u00e1lida."
}
],
"evaluatorSolution": "This vulnerability is addressed in the following product release:\r\nClam Anti-Virus, ClamAV, 0.88.5",
"id": "CVE-2006-5295",
"lastModified": "2024-11-21T00:18:38.923",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-10-16T23:07:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://kolab.org/security/kolab-vendor-notice-13.txt"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=423"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22370"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22421"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22488"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22498"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22537"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22551"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/22626"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200610-10.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1017068"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1196"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:184"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_60_clamav.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/20537"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4034"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4136"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4264"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29608"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kolab.org/security/kolab-vendor-notice-13.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=423"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22370"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22488"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22498"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22551"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/22626"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200610-10.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1017068"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1196"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_60_clamav.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/20537"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4034"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4136"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4264"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29608"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-10-14 19:02
Modified
2024-11-21 00:01
Severity ?
Summary
The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree function.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | . |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:.:*:*:*:*:*:*:*",
"matchCriteriaId": "1B4BB686-4159-41D9-9AE2-67AF2FCDE0EB",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree function."
}
],
"id": "CVE-2005-3239",
"lastModified": "2024-11-21T00:01:25.647",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 7.8,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-10-14T19:02:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=333566"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17184"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17448"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17451"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17501"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/17559"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1015154"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-887"
},
{
"source": "cve@mitre.org",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/20536"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/15101"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=333566"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17184"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17448"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17451"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17501"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/17559"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1015154"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-887"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/20536"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/15101"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2008-11-13 02:30
Modified
2024-11-21 00:53
Severity ?
Summary
Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.
References
Impacted products
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B8A8B81E-0C61-4B3E-9BE6-BFE38A154EF0",
"versionEndIncluding": "0.94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.01:*:*:*:*:*:*:*",
"matchCriteriaId": "ACA56643-1912-4D32-84DF-8AF40BE4E90C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.02:*:*:*:*:*:*:*",
"matchCriteriaId": "B853E106-F383-4C22-912D-77276A2DAFC6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.03:*:*:*:*:*:*:*",
"matchCriteriaId": "5265D3FC-EFF7-4661-AD21-01662C05B6D1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.04:*:*:*:*:*:*:*",
"matchCriteriaId": "F76D43F5-A621-4B5C-9FE6-0E650BCF4FC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.05:*:*:*:*:*:*:*",
"matchCriteriaId": "A5C04564-5C90-4058-925C-6BFB3AEECD50",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.06:*:*:*:*:*:*:*",
"matchCriteriaId": "91599B52-AB8A-4423-8B99-2526E43B1C97",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.10:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF8A6B6-D1EC-49F9-BE12-AEF22016BE83",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.11:*:*:*:*:*:*:*",
"matchCriteriaId": "B03FC481-8143-411F-AF74-86433188346D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.12:*:*:*:*:*:*:*",
"matchCriteriaId": "7A6E1E0C-7240-47A7-8C35-2C48D1C56F11",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.13:*:*:*:*:*:*:*",
"matchCriteriaId": "057EEF4D-3101-4575-83E3-34BA2823DE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.14:*:*:*:*:*:*:*",
"matchCriteriaId": "F86DA3C9-C6D5-4B04-9EAA-54350BE8CB26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.14:pre:*:*:*:*:*:*",
"matchCriteriaId": "FB031F8A-2D70-46F4-BA98-64CACCF5A394",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*",
"matchCriteriaId": "4C9A0FA4-A4AE-4C90-98DA-8AF5ABB03CE6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*",
"matchCriteriaId": "D0E9BC10-5F5B-499A-893C-1EEF6F1180B7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*",
"matchCriteriaId": "06A9B47A-8FC3-4BD2-A55F-9150307619B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*",
"matchCriteriaId": "7068873F-E45D-4471-B55E-BF7B0E3AFEEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*",
"matchCriteriaId": "695F0967-1529-42DB-8978-8B9192F7F615",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*",
"matchCriteriaId": "073BBAA9-7C7B-4D07-8943-7459DD2BAAC3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*",
"matchCriteriaId": "BB72ED94-7832-43CF-81CF-27F88CAC6E91",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*",
"matchCriteriaId": "2C48C927-2D02-4B7E-82C3-0BBF29AAB24A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*",
"matchCriteriaId": "802BFF6B-5D9F-49AE-B96A-86A85E0F1034",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*",
"matchCriteriaId": "5F7B2943-BC22-4735-8AA5-AADBEA685FAF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "C6257524-7FC5-40CA-9BDA-82B8565C5BEC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60p:*:*:*:*:*:*:*",
"matchCriteriaId": "35EBA938-DC66-40EA-8C66-38296AB57B57",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
"matchCriteriaId": "0F52C121-B8B8-43A8-AFAB-E85474021919",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*",
"matchCriteriaId": "659B4C39-0F0F-40C5-9B7E-0D00330611F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*",
"matchCriteriaId": "7793F3D5-E93C-46C8-ADCA-EF60BF4EC3C4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "508C140C-2F87-4270-85B0-00EA6678A344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "3033A4A2-47E9-434F-BA0A-0F2476A67899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "4680089D-DEFB-41E3-AFAF-6DA9252F2DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "307ED99C-32B8-4C0C-8C55-E2BA6EDB961F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF4F0DE-DC05-4F06-BC2D-09BAEAB25184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1EDFB4-B0C8-4832-BCA1-C35D28877581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF60319C-CFFB-47F4-BDCB-90A5D0FB4240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:rc:*:*:*:*:*:*",
"matchCriteriaId": "5909491A-3D43-4648-B0F9-983BF2BE13B4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:rc2:*:*:*:*:*:*",
"matchCriteriaId": "3DB0BD14-60D1-4482-A91E-AFA501DE1F14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:rc3:*:*:*:*:*:*",
"matchCriteriaId": "FFFDE6BB-38A1-4074-A3E1-E59BB5E7ED74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:rc4:*:*:*:*:*:*",
"matchCriteriaId": "79FC2D39-6F8E-4267-8D4B-0C59D28A0E27",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "12A4541A-2560-482A-BAEA-275579B499B2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "9006F64F-D72B-49C4-9F51-8AD9273957B5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "A5698AB2-94DE-480D-9E55-C05871562B8C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80_rc4:*:*:*:*:*:*:*",
"matchCriteriaId": "A44C0C8F-750B-4237-9E2F-1BEF67F2BCA5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:rc1:*:*:*:*:*:*",
"matchCriteriaId": "89533C50-275D-440D-88B4-363B3DED39E4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C4CBE9C9-A1DE-4C68-B84D-C735A9A700E3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "E330A535-A376-4BFF-BB1B-31E83370FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:rc1:*:*:*:*:*:*",
"matchCriteriaId": "E787E42E-3339-47FD-904E-5E3C73991CA9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:rc2:*:*:*:*:*:*",
"matchCriteriaId": "F21E03C7-0293-402C-ACAE-41E7F11B7AF2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "3E389E1C-46A6-4B5C-9091-8AAE5FFDC4B8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "F1ADBDEE-1421-42E5-8DE2-404087613B75",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:rc1:*:*:*:*:*:*",
"matchCriteriaId": "B8BD1ADF-C784-4E43-A6A5-09D416E96AE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E2884A-615F-4063-8FB7-EC157C3EC07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BC41B7-272F-44BB-BD48-6C9231402526",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86_rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "0138546B-3704-45FB-8115-05C12F9935D7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*",
"matchCriteriaId": "D23F1D35-6073-49B0-8DD4-C58AEE2CC83C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D87DA1D8-59AC-4372-BBFC-ED8BC6603AAC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*",
"matchCriteriaId": "5F56722F-F61A-404B-B0B2-1C92C22D0436",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D00EBC44-B4AB-443F-A063-8C8CB64F5F94",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FFFA6F1E-9F25-400C-B626-3B9EDA396913",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.3:*:*:*:*:*:*:*",
"matchCriteriaId": "2DB68680-FA6D-4235-90DA-E3DF0E5BB666",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.4:*:*:*:*:*:*:*",
"matchCriteriaId": "0E5BCBA5-0CE1-4112-8C3D-BAED9C5537B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.5:*:*:*:*:*:*:*",
"matchCriteriaId": "3908B34C-823E-47BA-8A64-23547D2AB027",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*",
"matchCriteriaId": "557C5437-4B40-4E89-A23D-96B95829281D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.7:*:*:*:*:*:*:*",
"matchCriteriaId": "A3394AD1-C667-46E7-82D3-E2E381CCC9FA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.7:p0:*:*:*:*:*:*",
"matchCriteriaId": "B44285AE-655B-4959-A7DC-4FADFF65F7C8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.7:p1:*:*:*:*:*:*",
"matchCriteriaId": "E702EF3E-D8B8-4D98-AFB0-ADB1223BF43E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*",
"matchCriteriaId": "142588F8-15C3-4288-BE7C-B2F7447BD60F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*",
"matchCriteriaId": "EC18418B-7477-436C-A24A-081701968DEF",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:p0:*:*:*:*:*:*",
"matchCriteriaId": "1BDC65CA-CE5D-4B69-B71B-CEE18DC85945",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*",
"matchCriteriaId": "1A85C689-95E0-41F7-83D9-5A8B0AB42390",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:p0:*:*:*:*:*:*",
"matchCriteriaId": "E72D92F1-6316-4CCF-89A8-03FBAD10E6AA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.3:*:*:*:*:*:*:*",
"matchCriteriaId": "BC24A055-278C-4A78-8C68-AC7618EF3EF5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.3:p0:*:*:*:*:*:*",
"matchCriteriaId": "04440EB7-E69B-4994-B058-9B476E061495",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.3:p1:*:*:*:*:*:*",
"matchCriteriaId": "01E81F38-9805-4FD8-8867-48C06762349B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "5B116E9A-0646-4AD5-A531-C35124AB02DC",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "3F3C25BA-72EF-4588-A90A-B323A3407FAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90_rc3:*:*:*:*:*:*:*",
"matchCriteriaId": "01FDAEBC-0B2E-4F60-8B59-13A93B1AF206",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "E021DD71-1845-4899-BB87-8445147AD93F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91:*:*:*:*:*:*:*",
"matchCriteriaId": "CC992A3B-24B4-48D8-BFBF-9B7884D11D28",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8EFAC7BA-2A39-46A8-BF91-5537532F45D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91.2:*:*:*:*:*:*:*",
"matchCriteriaId": "733CB165-98CD-4F8E-8A6D-07CF522634BA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91.2:p0:*:*:*:*:*:*",
"matchCriteriaId": "EE5B77A2-99D7-4553-B29F-B9EE15B96218",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91rc1:*:*:*:*:*:*:*",
"matchCriteriaId": "C721E8E3-FB32-41A1-B572-7DB06D9ECB74",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91rc2:*:*:*:*:*:*:*",
"matchCriteriaId": "4DCE173B-6229-42C9-8481-66F5727E464A",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*",
"matchCriteriaId": "8670A5ED-C41E-40B9-B2C9-68F22734B444",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.92:p0:*:*:*:*:*:*",
"matchCriteriaId": "D8364198-B569-43FB-A946-A46969BCF2F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.92.1:*:*:*:*:*:*:*",
"matchCriteriaId": "C8BE6F91-5442-4156-B137-E4AD3E21CF88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.93:*:*:*:*:*:*:*",
"matchCriteriaId": "40F14DB9-8437-4CEB-9D63-098FD9E604E7",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.93.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A4C92175-5E97-4197-8495-25900134B652",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.93.2:*:*:*:*:*:*:*",
"matchCriteriaId": "4C78BC60-3E5F-4356-B27A-3A38646890E5",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.93.3:*:*:*:*:*:*:*",
"matchCriteriaId": "5CF50FEF-9840-4B6C-BC60-02956F9E3099",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow."
},
{
"lang": "es",
"value": "Error de superaci\u00f3n de l\u00edmite en la funci\u00f3n get_unicode_name (libclamav/vba_extract.c) en Clam Anti-Virus (ClamAV) antes de v0.94.1 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y puede que ejecutar c\u00f3digo de su elecci\u00f3n mediante un archivo de proyecto VBA manipulado lo que dispara un desbordamiento de b\u00fafer basado en mont\u00edculo."
}
],
"id": "CVE-2008-5050",
"lastModified": "2024-11-21T00:53:10.290",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"integrityImpact": "COMPLETE",
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"obtainAllPrivilege": true,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-11-13T02:30:01.027",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065530.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32663"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32699"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32765"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/32872"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33016"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33317"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/33937"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200812-21.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4579"
},
{
"source": "cve@mitre.org",
"url": "http://sourceforge.net/project/shownotes.php?release_id=637952\u0026group_id=86638"
},
{
"source": "cve@mitre.org",
"url": "http://support.apple.com/kb/HT3438"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2008/dsa-1680"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:229"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/498169/100/0/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32207"
},
{
"source": "cve@mitre.org",
"url": "http://www.securitytracker.com/id?1021159"
},
{
"source": "cve@mitre.org",
"url": "http://www.ubuntu.com/usn/usn-672-1"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/3085"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2009/0422"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46462"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065530.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/32663"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32699"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32765"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/32872"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33016"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33317"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/33937"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200812-21.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4579"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://sourceforge.net/project/shownotes.php?release_id=637952\u0026group_id=86638"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://support.apple.com/kb/HT3438"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2008/dsa-1680"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:229"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/498169/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/32207"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securitytracker.com/id?1021159"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.ubuntu.com/usn/usn-672-1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/3085"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2009/0422"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46462"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2007-12-20 01:46
Modified
2024-11-21 00:39
Severity ?
Summary
Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | * |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
"matchCriteriaId": "C294BFD9-9AB4-4E4D-AC51-12BF04718B43",
"versionEndIncluding": "0.91",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file."
},
{
"lang": "es",
"value": "Un error por un paso en ClamAV versiones anteriores a 0.92, permite a los atacantes remotos ejecutar c\u00f3digo arbitrario por medio de un archivo CAB comprimido especialmente dise\u00f1ado de MS-ZIP."
}
],
"id": "CVE-2007-6336",
"lastModified": "2024-11-21T00:39:54.200",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2007-12-20T01:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "cve@mitre.org",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28153"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28176"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28278"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28412"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28421"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28587"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29420"
},
{
"source": "cve@mitre.org",
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"source": "cve@mitre.org",
"url": "http://securitytracker.com/id?1019150"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2007/dsa-1435"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26946"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39169"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"source": "cve@mitre.org",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28153"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28176"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28278"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28412"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28421"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28587"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/29420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securitytracker.com/id?1019150"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2007/dsa-1435"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://www.securityfocus.com/bid/26946"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39169"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
},
{
"lang": "en",
"value": "CWE-189"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2006-12-10 02:28
Modified
2024-11-21 00:22
Severity ?
Summary
Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.88.6 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*",
"matchCriteriaId": "557C5437-4B40-4E89-A23D-96B95829281D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file."
},
{
"lang": "es",
"value": "Clam AntiVirus (ClamAV) 0.88.6 permite a atacantes remotos evitar una detecci\u00f3n de virus, insertando caracteres inv\u00e1lidos en un contenido codificado base64 en un fichero MIME multipart/mixed, como se demuestra con el fichero de testeo EICAR."
}
],
"id": "CVE-2006-6406",
"lastModified": "2024-11-21T00:22:36.700",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2006-12-10T02:28:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://kolab.org/security/kolab-vendor-notice-14.txt"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23362"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23379"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23411"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/23460"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2006/dsa-1238"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:230"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2006_78_clamav.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.quantenblog.net/security/virus-scanner-bypass"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/453654/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/21461"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/4948"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2006/5113"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://kolab.org/security/kolab-vendor-notice-14.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23362"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23379"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23411"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/23460"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2006/dsa-1238"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:230"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2006_78_clamav.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "http://www.quantenblog.net/security/virus-scanner-bypass"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/453654/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/21461"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/4948"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2006/5113"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "NVD-CWE-Other"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2005-09-20 23:03
Modified
2024-11-21 00:00
Severity ?
Summary
libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to cause a denial of service (infinite loop) via a crafted FSG packed executable.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| clam_anti-virus | clamav | 0.70 | |
| clam_anti-virus | clamav | 0.71 | |
| clam_anti-virus | clamav | 0.72 | |
| clam_anti-virus | clamav | 0.73 | |
| clam_anti-virus | clamav | 0.74 | |
| clam_anti-virus | clamav | 0.75 | |
| clam_anti-virus | clamav | 0.75.1 | |
| clam_anti-virus | clamav | 0.80 | |
| clam_anti-virus | clamav | 0.81 | |
| clam_anti-virus | clamav | 0.82 | |
| clam_anti-virus | clamav | 0.83 | |
| clam_anti-virus | clamav | 0.84 | |
| clam_anti-virus | clamav | 0.85 | |
| clam_anti-virus | clamav | 0.85.1 | |
| clam_anti-virus | clamav | 0.86 | |
| clam_anti-virus | clamav | 0.86.1 | |
| clam_anti-virus | clamav | 0.86.2 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "508C140C-2F87-4270-85B0-00EA6678A344",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*",
"matchCriteriaId": "3033A4A2-47E9-434F-BA0A-0F2476A67899",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*",
"matchCriteriaId": "4680089D-DEFB-41E3-AFAF-6DA9252F2DCD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*",
"matchCriteriaId": "307ED99C-32B8-4C0C-8C55-E2BA6EDB961F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*",
"matchCriteriaId": "DEF4F0DE-DC05-4F06-BC2D-09BAEAB25184",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*",
"matchCriteriaId": "0C1EDFB4-B0C8-4832-BCA1-C35D28877581",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*",
"matchCriteriaId": "BF60319C-CFFB-47F4-BDCB-90A5D0FB4240",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
"matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
"matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
"matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
"matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
"matchCriteriaId": "E330A535-A376-4BFF-BB1B-31E83370FC02",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
"matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
"matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
"matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
"matchCriteriaId": "A0E2884A-615F-4063-8FB7-EC157C3EC07F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
"matchCriteriaId": "D7BC41B7-272F-44BB-BD48-6C9231402526",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to cause a denial of service (infinite loop) via a crafted FSG packed executable."
},
{
"lang": "es",
"value": "libclamav/fsg.c en Clam AntiVirus (ClamAV) en versiones anteriores a 0.87 permite a atacantes remotos provocar una denegaci\u00f3n de servicio (bucle infinito) a trav\u00e9s de un ejecutable empaquetado FSG ."
}
],
"id": "CVE-2005-2919",
"lastModified": "2024-11-21T00:00:43.307",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2005-09-20T23:03:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/16848"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/16989"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=356974"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2005/dsa-824"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml"
},
{
"source": "cve@mitre.org",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:166"
},
{
"source": "cve@mitre.org",
"url": "http://www.novell.com/linux/security/advisories/2005_55_clamav.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.osvdb.org/19507"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/14867"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2005/1774"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22308"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16848"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/16989"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=356974"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2005/dsa-824"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:166"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.novell.com/linux/security/advisories/2005_55_clamav.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.osvdb.org/19507"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/14867"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2005/1774"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22308"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-17"
},
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
cve-2005-3239
Vulnerability from cvelistv5
Published
2005-10-14 04:00
Modified
2024-08-07 23:01
Severity ?
EPSS score ?
Summary
The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree function.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:59.203Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17451"
},
{
"name": "GLSA-200511-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"name": "17501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17501"
},
{
"name": "17184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17184"
},
{
"name": "15101",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15101"
},
{
"name": "MDKSA-2005:205",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"name": "17559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17559"
},
{
"name": "17448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17448"
},
{
"name": "20536",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20536"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=333566"
},
{
"name": "DSA-887",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-887"
},
{
"name": "1015154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-11-18T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17451"
},
{
"name": "GLSA-200511-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"name": "17501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17501"
},
{
"name": "17184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17184"
},
{
"name": "15101",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15101"
},
{
"name": "MDKSA-2005:205",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"name": "17559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17559"
},
{
"name": "17448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17448"
},
{
"name": "20536",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20536"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=333566"
},
{
"name": "DSA-887",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-887"
},
{
"name": "1015154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3239",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17451",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17451"
},
{
"name": "GLSA-200511-04",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"name": "17501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17501"
},
{
"name": "17184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17184"
},
{
"name": "15101",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15101"
},
{
"name": "MDKSA-2005:205",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"name": "17559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17559"
},
{
"name": "17448",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17448"
},
{
"name": "20536",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20536"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=368319",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=333566",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=333566"
},
{
"name": "DSA-887",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-887"
},
{
"name": "1015154",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3239",
"datePublished": "2005-10-14T04:00:00",
"dateReserved": "2005-10-14T00:00:00",
"dateUpdated": "2024-08-07T23:01:59.203Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3229
Vulnerability from cvelistv5
Published
2005-10-14 04:00
Modified
2024-08-07 23:01
Severity ?
EPSS score ?
Summary
Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper.
References
| ▼ | URL | Tags |
|---|---|---|
| http://shadock.net/secubox/AVCraftedArchive.html | x_refsource_MISC | |
| http://marc.info/?l=bugtraq&m=112879611919750&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:59.255Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://shadock.net/secubox/AVCraftedArchive.html"
},
{
"name": "20051007 Antivirus detection bypass by special crafted archive.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112879611919750\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://shadock.net/secubox/AVCraftedArchive.html"
},
{
"name": "20051007 Antivirus detection bypass by special crafted archive.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112879611919750\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3229",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple interpretation error in unspecified versions of ClamAV Antivirus allows remote attackers to bypass virus detection via a malicious executable in a specially crafted RAR file with malformed central and local headers, which can still be opened by products such as Winrar and PowerZip, even though they are rejected as corrupted by Winzip and BitZipper."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://shadock.net/secubox/AVCraftedArchive.html",
"refsource": "MISC",
"url": "http://shadock.net/secubox/AVCraftedArchive.html"
},
{
"name": "20051007 Antivirus detection bypass by special crafted archive.",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112879611919750\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3229",
"datePublished": "2005-10-14T04:00:00",
"dateReserved": "2005-10-14T00:00:00",
"dateUpdated": "2024-08-07T23:01:59.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-2029
Vulnerability from cvelistv5
Published
2007-04-30 22:00
Modified
2024-08-07 13:23
Severity ?
EPSS score ?
Summary
File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/34083 | vdb-entry, x_refsource_XF | |
| http://osvdb.org/34916 | vdb-entry, x_refsource_OSVDB | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2007:098 | vendor-advisory, x_refsource_MANDRIVA | |
| http://www.securityfocus.com/bid/23656 | vdb-entry, x_refsource_BID | |
| http://secunia.com/advisories/25189 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/25028 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2007/dsa-1281 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:50.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "clamav-pdfhandler-dos(34083)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34083"
},
{
"name": "34916",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34916"
},
{
"name": "MDKSA-2007:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"name": "23656",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23656"
},
{
"name": "25189",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25189"
},
{
"name": "25028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25028"
},
{
"name": "DSA-1281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1281"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "clamav-pdfhandler-dos(34083)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34083"
},
{
"name": "34916",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34916"
},
{
"name": "MDKSA-2007:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"name": "23656",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23656"
},
{
"name": "25189",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25189"
},
{
"name": "25028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25028"
},
{
"name": "DSA-1281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1281"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "clamav-pdfhandler-dos(34083)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34083"
},
{
"name": "34916",
"refsource": "OSVDB",
"url": "http://osvdb.org/34916"
},
{
"name": "MDKSA-2007:098",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"name": "23656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23656"
},
{
"name": "25189",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25189"
},
{
"name": "25028",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25028"
},
{
"name": "DSA-1281",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1281"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2029",
"datePublished": "2007-04-30T22:00:00",
"dateReserved": "2007-04-13T00:00:00",
"dateUpdated": "2024-08-07T13:23:50.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1922
Vulnerability from cvelistv5
Published
2005-06-30 04:00
Modified
2024-08-07 22:06
Severity ?
EPSS score ?
Summary
The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.idefense.com/application/poi/display?id=276&type=vulnerabilities&flashstatus=true | third-party-advisory, x_refsource_IDEFENSE | |
| http://sourceforge.net/project/shownotes.php?release_id=336462 | x_refsource_CONFIRM | |
| http://www.debian.org/security/2005/dsa-737 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:06:57.831Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050629 Clam AntiVirus ClamAV MS-Expand File Handling DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=276\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=336462"
},
{
"name": "DSA-737",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-737"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-07T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050629 Clam AntiVirus ClamAV MS-Expand File Handling DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=276\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=336462"
},
{
"name": "DSA-737",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-737"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1922",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 allows remote attackers to cause a denial of service (file descriptor and memory consumption) via a crafted file that causes repeated errors in the cli_msexpand function."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050629 Clam AntiVirus ClamAV MS-Expand File Handling DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=276\u0026type=vulnerabilities\u0026flashstatus=true"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=336462",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=336462"
},
{
"name": "DSA-737",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-737"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1922",
"datePublished": "2005-06-30T04:00:00",
"dateReserved": "2005-06-08T00:00:00",
"dateUpdated": "2024-08-07T22:06:57.831Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-4510
Vulnerability from cvelistv5
Published
2007-08-23 19:00
Modified
2024-08-07 15:01
Severity ?
EPSS score ?
Summary
ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "clamav-rtf-dos(36173)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36173"
},
{
"name": "GLSA-200709-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"
},
{
"name": "26552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26552"
},
{
"name": "26822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26822"
},
{
"name": "26916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26916"
},
{
"name": "25398",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25398"
},
{
"name": "26683",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26683"
},
{
"name": "FEDORA-2007-2050",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"
},
{
"name": "DSA-1366",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1366"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-17.txt"
},
{
"name": "3054",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3054"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "26530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26530"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=611"
},
{
"name": "2007-0026",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "SUSE-SR:2007:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=582"
},
{
"name": "26751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26751"
},
{
"name": "26654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26654"
},
{
"name": "clamav-clihtmlnormalise-dos(36177)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36177"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "MDKSA-2007:172",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=533658"
},
{
"name": "ADV-2007-2952",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2952"
},
{
"name": "26674",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26674"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "clamav-rtf-dos(36173)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36173"
},
{
"name": "GLSA-200709-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"
},
{
"name": "26552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26552"
},
{
"name": "26822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26822"
},
{
"name": "26916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26916"
},
{
"name": "25398",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25398"
},
{
"name": "26683",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26683"
},
{
"name": "FEDORA-2007-2050",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"
},
{
"name": "DSA-1366",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1366"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-17.txt"
},
{
"name": "3054",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3054"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "26530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26530"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=611"
},
{
"name": "2007-0026",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "SUSE-SR:2007:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=582"
},
{
"name": "26751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26751"
},
{
"name": "26654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26654"
},
{
"name": "clamav-clihtmlnormalise-dos(36177)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "MDKSA-2007:172",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=533658"
},
{
"name": "ADV-2007-2952",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2952"
},
{
"name": "26674",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26674"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "clamav-rtf-dos(36173)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36173"
},
{
"name": "GLSA-200709-14",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"
},
{
"name": "26552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26552"
},
{
"name": "26822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26822"
},
{
"name": "26916",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26916"
},
{
"name": "25398",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25398"
},
{
"name": "26683",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26683"
},
{
"name": "FEDORA-2007-2050",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"
},
{
"name": "DSA-1366",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1366"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-17.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-17.txt"
},
{
"name": "3054",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3054"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "26530",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26530"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=611",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=611"
},
{
"name": "2007-0026",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "SUSE-SR:2007:018",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=582",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=582"
},
{
"name": "26751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26751"
},
{
"name": "26654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26654"
},
{
"name": "clamav-clihtmlnormalise-dos(36177)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36177"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "MDKSA-2007:172",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=533658",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=533658"
},
{
"name": "ADV-2007-2952",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2952"
},
{
"name": "26674",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26674"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4510",
"datePublished": "2007-08-23T19:00:00",
"dateReserved": "2007-08-23T00:00:00",
"dateUpdated": "2024-08-07T15:01:09.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-2427
Vulnerability from cvelistv5
Published
2006-05-17 10:00
Modified
2024-08-07 17:51
Severity ?
EPSS score ?
Summary
freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/26453 | vdb-entry, x_refsource_XF | |
| http://securitytracker.com/id?1016086 | vdb-entry, x_refsource_SECTRACK | |
| http://www.securityfocus.com/archive/1/434008/100/0/threaded | mailing-list, x_refsource_BUGTRAQ | |
| http://www.vupen.com/english/advisories/2006/1807 | vdb-entry, x_refsource_VUPEN | |
| http://secunia.com/advisories/20085 | third-party-advisory, x_refsource_SECUNIA | |
| http://securityreason.com/securityalert/912 | third-party-advisory, x_refsource_SREASON | |
| http://www.digitalmunition.com/DMA%5B2006-0514a%5D.txt | x_refsource_MISC |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:51:04.688Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "clamxav-freshclam-insecure-privileges(26453)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26453"
},
{
"name": "1016086",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016086"
},
{
"name": "20060515 DMA[2006-0514a] - \u0027ClamAV freshclam incorrect privilege drop\u0027",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/434008/100/0/threaded"
},
{
"name": "ADV-2006-1807",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1807"
},
{
"name": "20085",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20085"
},
{
"name": "912",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/912"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.digitalmunition.com/DMA%5B2006-0514a%5D.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "clamxav-freshclam-insecure-privileges(26453)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26453"
},
{
"name": "1016086",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016086"
},
{
"name": "20060515 DMA[2006-0514a] - \u0027ClamAV freshclam incorrect privilege drop\u0027",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/434008/100/0/threaded"
},
{
"name": "ADV-2006-1807",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1807"
},
{
"name": "20085",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20085"
},
{
"name": "912",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/912"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.digitalmunition.com/DMA%5B2006-0514a%5D.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-2427",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "freshclam in (1) Clam Antivirus (ClamAV) 0.88 and (2) ClamXav 1.0.3h and earlier does not drop privileges before processing the config-file command line option, which allows local users to read portions of arbitrary files when an error message displays the first line of the target file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "clamxav-freshclam-insecure-privileges(26453)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26453"
},
{
"name": "1016086",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016086"
},
{
"name": "20060515 DMA[2006-0514a] - \u0027ClamAV freshclam incorrect privilege drop\u0027",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/434008/100/0/threaded"
},
{
"name": "ADV-2006-1807",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1807"
},
{
"name": "20085",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20085"
},
{
"name": "912",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/912"
},
{
"name": "http://www.digitalmunition.com/DMA[2006-0514a].txt",
"refsource": "MISC",
"url": "http://www.digitalmunition.com/DMA[2006-0514a].txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-2427",
"datePublished": "2006-05-17T10:00:00",
"dateReserved": "2006-05-17T00:00:00",
"dateUpdated": "2024-08-07T17:51:04.688Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3023
Vulnerability from cvelistv5
Published
2007-06-07 21:00
Modified
2024-08-07 13:57
Severity ?
EPSS score ?
Summary
unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36908",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36908"
},
{
"name": "25796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25796"
},
{
"name": "SUSE-SA:2007:033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25525"
},
{
"name": "25523",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=464"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25688"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"name": "24358",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24358"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-06-22T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36908",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36908"
},
{
"name": "25796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25796"
},
{
"name": "SUSE-SA:2007:033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25525"
},
{
"name": "25523",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=464"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25688"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"name": "24358",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24358"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36908",
"refsource": "OSVDB",
"url": "http://osvdb.org/36908"
},
{
"name": "25796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25796"
},
{
"name": "SUSE-SA:2007:033",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25525"
},
{
"name": "25523",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=464",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=464"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-15.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25688"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"refsource": "MLIST",
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"name": "24358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24358"
},
{
"name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3023",
"datePublished": "2007-06-07T21:00:00",
"dateReserved": "2007-06-04T00:00:00",
"dateUpdated": "2024-08-07T13:57:54.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3025
Vulnerability from cvelistv5
Published
2007-06-07 22:00
Modified
2024-09-17 03:08
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/25525 | third-party-advisory, x_refsource_SECUNIA | |
| http://kolab.org/security/kolab-vendor-notice-15.txt | x_refsource_CONFIRM | |
| http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html | mailing-list, x_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:55.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25525"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-06-07T22:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25525"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25525"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-15.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"refsource": "MLIST",
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3025",
"datePublished": "2007-06-07T22:00:00Z",
"dateReserved": "2007-06-04T00:00:00Z",
"dateUpdated": "2024-09-17T03:08:16.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1997
Vulnerability from cvelistv5
Published
2007-04-16 21:00
Modified
2024-08-07 13:13
Severity ?
EPSS score ?
Summary
Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:13:42.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25022",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25022"
},
{
"name": "2007-0013",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0013/"
},
{
"name": "clamav-cabunstore-cabextract-bo(33637)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33637"
},
{
"name": "1017921",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017921"
},
{
"name": "20070416 Clam AntiVirus ClamAV CAB File Unstore Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=513"
},
{
"name": "23473",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23473"
},
{
"name": "24996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24996"
},
{
"name": "MDKSA-2007:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "SUSE-SA:2007:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "25189",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25189"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=500765"
},
{
"name": "ADV-2007-1378",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1378"
},
{
"name": "25028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25028"
},
{
"name": "GLSA-200704-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"
},
{
"name": "24946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24946"
},
{
"name": "DSA-1281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1281"
},
{
"name": "24920",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24920"
},
{
"name": "24891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25022",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25022"
},
{
"name": "2007-0013",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0013/"
},
{
"name": "clamav-cabunstore-cabextract-bo(33637)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33637"
},
{
"name": "1017921",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017921"
},
{
"name": "20070416 Clam AntiVirus ClamAV CAB File Unstore Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=513"
},
{
"name": "23473",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23473"
},
{
"name": "24996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24996"
},
{
"name": "MDKSA-2007:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "SUSE-SA:2007:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "25189",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25189"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=500765"
},
{
"name": "ADV-2007-1378",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1378"
},
{
"name": "25028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25028"
},
{
"name": "GLSA-200704-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"
},
{
"name": "24946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24946"
},
{
"name": "DSA-1281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1281"
},
{
"name": "24920",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24920"
},
{
"name": "24891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25022"
},
{
"name": "2007-0013",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0013/"
},
{
"name": "clamav-cabunstore-cabextract-bo(33637)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33637"
},
{
"name": "1017921",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017921"
},
{
"name": "20070416 Clam AntiVirus ClamAV CAB File Unstore Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=513"
},
{
"name": "23473",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23473"
},
{
"name": "24996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24996"
},
{
"name": "MDKSA-2007:098",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "SUSE-SA:2007:026",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "25189",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25189"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=500765",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=500765"
},
{
"name": "ADV-2007-1378",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1378"
},
{
"name": "25028",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25028"
},
{
"name": "GLSA-200704-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"
},
{
"name": "24946",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24946"
},
{
"name": "DSA-1281",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1281"
},
{
"name": "24920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24920"
},
{
"name": "24891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1997",
"datePublished": "2007-04-16T21:00:00",
"dateReserved": "2007-04-12T00:00:00",
"dateUpdated": "2024-08-07T13:13:42.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-1989
Vulnerability from cvelistv5
Published
2006-05-01 19:00
Modified
2024-08-07 17:35
Severity ?
EPSS score ?
Summary
Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:35:29.986Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "APPLE-SA-2006-06-27",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html"
},
{
"name": "20159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20159"
},
{
"name": "MDKSA-2006:080",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:080"
},
{
"name": "VU#599220",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/599220"
},
{
"name": "19963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19963"
},
{
"name": "ADV-2006-1586",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1586"
},
{
"name": "clamav-freshclam-http-bo(26182)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26182"
},
{
"name": "1016392",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1016392"
},
{
"name": "19964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19964"
},
{
"name": "2006-0024",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0024"
},
{
"name": "19912",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19912"
},
{
"name": "SUSE-SA:2006:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_05_05.html"
},
{
"name": "19880",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19880"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.clamav.net/security/0.88.2.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-09.txt"
},
{
"name": "25120",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/25120"
},
{
"name": "SUSE-SR:2006:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"name": "20117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20117"
},
{
"name": "DSA-1050",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1050"
},
{
"name": "GLSA-200605-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-03.xml"
},
{
"name": "20877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20877"
},
{
"name": "ADV-2006-2566",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/2566"
},
{
"name": "17754",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17754"
},
{
"name": "19874",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19874"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-05-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "APPLE-SA-2006-06-27",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html"
},
{
"name": "20159",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20159"
},
{
"name": "MDKSA-2006:080",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:080"
},
{
"name": "VU#599220",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/599220"
},
{
"name": "19963",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19963"
},
{
"name": "ADV-2006-1586",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1586"
},
{
"name": "clamav-freshclam-http-bo(26182)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26182"
},
{
"name": "1016392",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1016392"
},
{
"name": "19964",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19964"
},
{
"name": "2006-0024",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0024"
},
{
"name": "19912",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19912"
},
{
"name": "SUSE-SA:2006:025",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_05_05.html"
},
{
"name": "19880",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19880"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.clamav.net/security/0.88.2.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-09.txt"
},
{
"name": "25120",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/25120"
},
{
"name": "SUSE-SR:2006:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"name": "20117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20117"
},
{
"name": "DSA-1050",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1050"
},
{
"name": "GLSA-200605-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-03.xml"
},
{
"name": "20877",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20877"
},
{
"name": "ADV-2006-2566",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/2566"
},
{
"name": "17754",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17754"
},
{
"name": "19874",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19874"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1989",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the get_database function in the HTTP client in Freshclam in ClamAV 0.80 to 0.88.1 might allow remote web servers to execute arbitrary code via long HTTP headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "APPLE-SA-2006-06-27",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Jun/msg00000.html"
},
{
"name": "20159",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20159"
},
{
"name": "MDKSA-2006:080",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:080"
},
{
"name": "VU#599220",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/599220"
},
{
"name": "19963",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19963"
},
{
"name": "ADV-2006-1586",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1586"
},
{
"name": "clamav-freshclam-http-bo(26182)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/26182"
},
{
"name": "1016392",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1016392"
},
{
"name": "19964",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19964"
},
{
"name": "2006-0024",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0024"
},
{
"name": "19912",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19912"
},
{
"name": "SUSE-SA:2006:025",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_05_05.html"
},
{
"name": "19880",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19880"
},
{
"name": "http://www.clamav.net/security/0.88.2.html",
"refsource": "CONFIRM",
"url": "http://www.clamav.net/security/0.88.2.html"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-09.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-09.txt"
},
{
"name": "25120",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/25120"
},
{
"name": "SUSE-SR:2006:010",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-May/0004.html"
},
{
"name": "20117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20117"
},
{
"name": "DSA-1050",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1050"
},
{
"name": "GLSA-200605-03",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200605-03.xml"
},
{
"name": "20877",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20877"
},
{
"name": "ADV-2006-2566",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/2566"
},
{
"name": "17754",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17754"
},
{
"name": "19874",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19874"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1989",
"datePublished": "2006-05-01T19:00:00",
"dateReserved": "2006-04-24T00:00:00",
"dateUpdated": "2024-08-07T17:35:29.986Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3725
Vulnerability from cvelistv5
Published
2007-07-12 16:00
Modified
2024-08-07 14:28
Severity ?
EPSS score ?
Summary
The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:51.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26231"
},
{
"name": "clamav-rarvm-dos(35367)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35367"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-16.txt"
},
{
"name": "ADV-2007-2509",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2509"
},
{
"name": "26164",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26164"
},
{
"name": "DSA-1340",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1340"
},
{
"name": "26226",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26226"
},
{
"name": "26038",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26038"
},
{
"name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064569.html"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "GLSA-200708-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200708-04.xml"
},
{
"name": "36907",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36907"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555"
},
{
"name": "MDKSA-2007:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:150"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "2007-0023",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0023/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.metaeye.org/advisories/54"
},
{
"name": "26209",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26209"
},
{
"name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/473371/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "26377",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26377"
},
{
"name": "ADV-2007-2643",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2643"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26231"
},
{
"name": "clamav-rarvm-dos(35367)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35367"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-16.txt"
},
{
"name": "ADV-2007-2509",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2509"
},
{
"name": "26164",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26164"
},
{
"name": "DSA-1340",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1340"
},
{
"name": "26226",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26226"
},
{
"name": "26038",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26038"
},
{
"name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064569.html"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "GLSA-200708-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200708-04.xml"
},
{
"name": "36907",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36907"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555"
},
{
"name": "MDKSA-2007:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:150"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "2007-0023",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0023/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.metaeye.org/advisories/54"
},
{
"name": "26209",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26209"
},
{
"name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/473371/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "26377",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26377"
},
{
"name": "ADV-2007-2643",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2643"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26231"
},
{
"name": "clamav-rarvm-dos(35367)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35367"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-16.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-16.txt"
},
{
"name": "ADV-2007-2509",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2509"
},
{
"name": "26164",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26164"
},
{
"name": "DSA-1340",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1340"
},
{
"name": "26226",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26226"
},
{
"name": "26038",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26038"
},
{
"name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064569.html"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "GLSA-200708-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200708-04.xml"
},
{
"name": "36907",
"refsource": "OSVDB",
"url": "http://osvdb.org/36907"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555"
},
{
"name": "MDKSA-2007:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:150"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "2007-0023",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0023/"
},
{
"name": "http://www.metaeye.org/advisories/54",
"refsource": "MISC",
"url": "http://www.metaeye.org/advisories/54"
},
{
"name": "26209",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26209"
},
{
"name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473371/100/0/threaded"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "26377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26377"
},
{
"name": "ADV-2007-2643",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2643"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3725",
"datePublished": "2007-07-12T16:00:00",
"dateReserved": "2007-07-11T00:00:00",
"dateUpdated": "2024-08-07T14:28:51.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0218
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL.
References
| ▼ | URL | Tags |
|---|---|---|
| http://seclists.org/lists/fulldisclosure/2005/Jan/0537.html | mailing-list, x_refsource_FULLDISC | |
| http://sourceforge.net/project/shownotes.php?release_id=300116 | x_refsource_CONFIRM | |
| http://seclists.org/lists/fulldisclosure/2005/Jan/0332.html | mailing-list, x_refsource_FULLDISC | |
| http://www.gentoo.org/security/en/glsa/glsa-200501-46.xml | vendor-advisory, x_refsource_GENTOO | |
| http://secunia.com/advisories/13900/ | third-party-advisory, x_refsource_SECUNIA | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2005:025 | vendor-advisory, x_refsource_MANDRAKE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:25.312Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050114 Re: Multi-vendor AV gateway image inspection bypass vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/lists/fulldisclosure/2005/Jan/0537.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=300116"
},
{
"name": "20050110 Multi-vendor AV gateway image inspection bypass vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://seclists.org/lists/fulldisclosure/2005/Jan/0332.html"
},
{
"name": "GLSA-200501-46",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-46.xml"
},
{
"name": "13900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13900/"
},
{
"name": "MDKSA-2005:025",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-10T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-10-18T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050114 Re: Multi-vendor AV gateway image inspection bypass vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/lists/fulldisclosure/2005/Jan/0537.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=300116"
},
{
"name": "20050110 Multi-vendor AV gateway image inspection bypass vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://seclists.org/lists/fulldisclosure/2005/Jan/0332.html"
},
{
"name": "GLSA-200501-46",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-46.xml"
},
{
"name": "13900",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13900/"
},
{
"name": "MDKSA-2005:025",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0218",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ClamAV 0.80 and earlier allows remote attackers to bypass virus scanning via a base64 encoded image in a data: (RFC 2397) URL."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050114 Re: Multi-vendor AV gateway image inspection bypass vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/lists/fulldisclosure/2005/Jan/0537.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=300116",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=300116"
},
{
"name": "20050110 Multi-vendor AV gateway image inspection bypass vulnerability",
"refsource": "FULLDISC",
"url": "http://seclists.org/lists/fulldisclosure/2005/Jan/0332.html"
},
{
"name": "GLSA-200501-46",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-46.xml"
},
{
"name": "13900",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13900/"
},
{
"name": "MDKSA-2005:025",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0218",
"datePublished": "2005-02-06T05:00:00",
"dateReserved": "2005-02-05T00:00:00",
"dateUpdated": "2024-08-07T21:05:25.312Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-4560
Vulnerability from cvelistv5
Published
2007-08-28 01:00
Modified
2024-08-07 15:01
Severity ?
EPSS score ?
Summary
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200709-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"
},
{
"name": "3063",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3063"
},
{
"name": "26822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26822"
},
{
"name": "26916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26916"
},
{
"name": "20070824 n.runs-SA-2007.025 - ClamAV Remote Code Execution Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477723/100/0/threaded"
},
{
"name": "26683",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26683"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nruns.com/security_advisory_clamav_remote_code_exection.php"
},
{
"name": "FEDORA-2007-2050",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"
},
{
"name": "DSA-1366",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1366"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "2007-0026",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "SUSE-SR:2007:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "26751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26751"
},
{
"name": "1018610",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018610"
},
{
"name": "26654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26654"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "MDKSA-2007:172",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"
},
{
"name": "26674",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26674"
},
{
"name": "25439",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25439"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the \"recipient field of sendmail.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200709-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"
},
{
"name": "3063",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3063"
},
{
"name": "26822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26822"
},
{
"name": "26916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26916"
},
{
"name": "20070824 n.runs-SA-2007.025 - ClamAV Remote Code Execution Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477723/100/0/threaded"
},
{
"name": "26683",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26683"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nruns.com/security_advisory_clamav_remote_code_exection.php"
},
{
"name": "FEDORA-2007-2050",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"
},
{
"name": "DSA-1366",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1366"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "2007-0026",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "SUSE-SR:2007:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "26751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26751"
},
{
"name": "1018610",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018610"
},
{
"name": "26654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26654"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "MDKSA-2007:172",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"
},
{
"name": "26674",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26674"
},
{
"name": "25439",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25439"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the \"recipient field of sendmail.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200709-14",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"
},
{
"name": "3063",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3063"
},
{
"name": "26822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26822"
},
{
"name": "26916",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26916"
},
{
"name": "20070824 n.runs-SA-2007.025 - ClamAV Remote Code Execution Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477723/100/0/threaded"
},
{
"name": "26683",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26683"
},
{
"name": "http://www.nruns.com/security_advisory_clamav_remote_code_exection.php",
"refsource": "MISC",
"url": "http://www.nruns.com/security_advisory_clamav_remote_code_exection.php"
},
{
"name": "FEDORA-2007-2050",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"
},
{
"name": "DSA-1366",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1366"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "2007-0026",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "SUSE-SR:2007:018",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "26751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26751"
},
{
"name": "1018610",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018610"
},
{
"name": "26654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26654"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "MDKSA-2007:172",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"
},
{
"name": "26674",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26674"
},
{
"name": "25439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25439"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4560",
"datePublished": "2007-08-28T01:00:00",
"dateReserved": "2007-08-27T00:00:00",
"dateUpdated": "2024-08-07T15:01:09.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1795
Vulnerability from cvelistv5
Published
2005-06-01 04:00
Modified
2024-08-07 22:06
Severity ?
EPSS score ?
Summary
The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.sentinelchicken.com/advisories/clamav | x_refsource_MISC | |
| http://securitytracker.com/id?1014070 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:06:56.598Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.sentinelchicken.com/advisories/clamav"
},
{
"name": "1014070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014070"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-05-13T17:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.sentinelchicken.com/advisories/clamav"
},
{
"name": "1014070",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014070"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1795",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The filecopy function in misc.c in Clam AntiVirus (ClamAV) before 0.85, on Mac OS, allows remote attackers to execute arbitrary code via a virus in a filename that contains shell metacharacters, which are not properly handled when HFS permissions prevent the file from being deleted and ditto is invoked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.sentinelchicken.com/advisories/clamav",
"refsource": "MISC",
"url": "http://www.sentinelchicken.com/advisories/clamav"
},
{
"name": "1014070",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014070"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1795",
"datePublished": "2005-06-01T04:00:00",
"dateReserved": "2005-06-01T00:00:00",
"dateUpdated": "2024-08-07T22:06:56.598Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-0270
Vulnerability from cvelistv5
Published
2004-09-01 04:00
Modified
2024-08-08 00:10
Severity ?
EPSS score ?
Summary
libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program.
References
| ▼ | URL | Tags |
|---|---|---|
| http://security.gentoo.org/glsa/glsa-200402-07.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.freebsd.org/cgi/query-pr.cgi?pr=62586 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/9610 | vdb-entry, x_refsource_BID | |
| http://marc.info/?l=bugtraq&m=107634700823822&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.osvdb.org/3894 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15077 | vdb-entry, x_refsource_XF |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T00:10:03.983Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200402-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200402-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.freebsd.org/cgi/query-pr.cgi?pr=62586"
},
{
"name": "9610",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9610"
},
{
"name": "20040209 clamav 0.65 remote DOS exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107634700823822\u0026w=2"
},
{
"name": "3894",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/3894"
},
{
"name": "clam-antivirus-uuencoded-dos(15077)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15077"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-02-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2004-08-20T00:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200402-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200402-07.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.freebsd.org/cgi/query-pr.cgi?pr=62586"
},
{
"name": "9610",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9610"
},
{
"name": "20040209 clamav 0.65 remote DOS exploit",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=107634700823822\u0026w=2"
},
{
"name": "3894",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/3894"
},
{
"name": "clam-antivirus-uuencoded-dos(15077)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15077"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-0270",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a denial of service (crash) via a uuencoded e-mail message with an invalid line length (e.g., a lowercase character), which causes an assert error in clamd that terminates the calling program."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200402-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200402-07.xml"
},
{
"name": "http://www.freebsd.org/cgi/query-pr.cgi?pr=62586",
"refsource": "CONFIRM",
"url": "http://www.freebsd.org/cgi/query-pr.cgi?pr=62586"
},
{
"name": "9610",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9610"
},
{
"name": "20040209 clamav 0.65 remote DOS exploit",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=107634700823822\u0026w=2"
},
{
"name": "3894",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/3894"
},
{
"name": "clam-antivirus-uuencoded-dos(15077)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15077"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-0270",
"datePublished": "2004-09-01T04:00:00",
"dateReserved": "2004-03-17T00:00:00",
"dateUpdated": "2024-08-08T00:10:03.983Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1923
Vulnerability from cvelistv5
Published
2005-06-30 04:00
Modified
2024-08-07 22:06
Severity ?
EPSS score ?
Summary
The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.idefense.com/application/poi/display?id=275&type=vulnerabilities | third-party-advisory, x_refsource_IDEFENSE | |
| http://www.debian.org/security/2005/dsa-737 | vendor-advisory, x_refsource_DEBIAN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:06:57.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050629 Clam AntiVirus ClamAV Cabinet File Handling DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=275\u0026type=vulnerabilities"
},
{
"name": "DSA-737",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-737"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-07T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050629 Clam AntiVirus ClamAV Cabinet File Handling DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=275\u0026type=vulnerabilities"
},
{
"name": "DSA-737",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-737"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1923",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050629 Clam AntiVirus ClamAV Cabinet File Handling DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=275\u0026type=vulnerabilities"
},
{
"name": "DSA-737",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-737"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1923",
"datePublished": "2005-06-30T04:00:00",
"dateReserved": "2005-06-08T00:00:00",
"dateUpdated": "2024-08-07T22:06:57.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1833
Vulnerability from cvelistv5
Published
2008-04-16 15:00
Modified
2024-08-07 08:40
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:58.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "1019850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019850"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29975"
},
{
"name": "29863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "28798",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28798"
},
{
"name": "FEDORA-2008-3420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "clamav-wwpack-pe-bo(41833)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41833"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=877"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"name": "20080414 ClamAV libclamav PE WWPack Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=687"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name": "DSA-1549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "1019850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019850"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29975"
},
{
"name": "29863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "28798",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28798"
},
{
"name": "FEDORA-2008-3420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "clamav-wwpack-pe-bo(41833)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41833"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=877"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"name": "20080414 ClamAV libclamav PE WWPack Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=687"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name": "DSA-1549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2008:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "GLSA-200805-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html",
"refsource": "CONFIRM",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "1019850",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019850"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29975"
},
{
"name": "29863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30328"
},
{
"name": "28798",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28798"
},
{
"name": "FEDORA-2008-3420",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "clamav-wwpack-pe-bo(41833)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41833"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=877",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=877"
},
{
"name": "31576",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"name": "20080414 ClamAV libclamav PE WWPack Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=687"
},
{
"name": "SUSE-SA:2008:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name": "DSA-1549",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-20.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1833",
"datePublished": "2008-04-16T15:00:00",
"dateReserved": "2008-04-16T00:00:00",
"dateUpdated": "2024-08-07T08:40:58.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0318
Vulnerability from cvelistv5
Published
2008-02-12 19:00
Modified
2024-08-07 07:39
Severity ?
EPSS score ?
Summary
Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27751",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27751"
},
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "29048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29048"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html"
},
{
"name": "28913",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28913"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=575703"
},
{
"name": "29026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29026"
},
{
"name": "28949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28949"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=209915"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "ADV-2008-0503",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0503"
},
{
"name": "DSA-1497",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1497"
},
{
"name": "1019394",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019394"
},
{
"name": "FEDORA-2008-1608",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00462.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "FEDORA-2008-1625",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00481.html"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "SUSE-SR:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"name": "20080212 ClamAV libclamav PE File Integer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=658"
},
{
"name": "ADV-2008-0606",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"name": "28907",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28907"
},
{
"name": "GLSA-200802-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-09.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "29001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29001"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"name": "29060",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29060"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27751",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27751"
},
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "29048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29048"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html"
},
{
"name": "28913",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28913"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=575703"
},
{
"name": "29026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29026"
},
{
"name": "28949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28949"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=209915"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "ADV-2008-0503",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0503"
},
{
"name": "DSA-1497",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1497"
},
{
"name": "1019394",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019394"
},
{
"name": "FEDORA-2008-1608",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00462.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "FEDORA-2008-1625",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00481.html"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "SUSE-SR:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"name": "20080212 ClamAV libclamav PE File Integer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=658"
},
{
"name": "ADV-2008-0606",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"name": "28907",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28907"
},
{
"name": "GLSA-200802-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-09.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "29001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29001"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"name": "29060",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29060"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27751"
},
{
"name": "MDVSA-2008:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "29048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29048"
},
{
"name": "http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html"
},
{
"name": "28913",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28913"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=575703",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=575703"
},
{
"name": "29026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29026"
},
{
"name": "28949",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28949"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=209915",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=209915"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "ADV-2008-0503",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0503"
},
{
"name": "DSA-1497",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1497"
},
{
"name": "1019394",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019394"
},
{
"name": "FEDORA-2008-1608",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00462.html"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "FEDORA-2008-1625",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00481.html"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "SUSE-SR:2008:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"name": "20080212 ClamAV libclamav PE File Integer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=658"
},
{
"name": "ADV-2008-0606",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"name": "28907",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28907"
},
{
"name": "GLSA-200802-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200802-09.xml"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "29001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29001"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-19.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"name": "29060",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29060"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0318",
"datePublished": "2008-02-12T19:00:00",
"dateReserved": "2008-01-16T00:00:00",
"dateUpdated": "2024-08-07T07:39:34.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-6337
Vulnerability from cvelistv5
Published
2007-12-31 19:00
Modified
2024-08-07 16:02
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "FEDORA-2008-0170",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"name": "27063",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27063"
},
{
"name": "42293",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42293"
},
{
"name": "28421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28421"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "FEDORA-2008-0115",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
},
{
"name": "28587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28587"
},
{
"name": "28153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "GLSA-200712-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"name": "1019149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019149"
},
{
"name": "28278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28278"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-01-12T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2008:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "FEDORA-2008-0170",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"name": "27063",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27063"
},
{
"name": "42293",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42293"
},
{
"name": "28421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28421"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "FEDORA-2008-0115",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
},
{
"name": "28587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28587"
},
{
"name": "28153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "GLSA-200712-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"name": "1019149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019149"
},
{
"name": "28278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28278"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2008:003",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"name": "28412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "FEDORA-2008-0170",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"name": "27063",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27063"
},
{
"name": "42293",
"refsource": "OSVDB",
"url": "http://osvdb.org/42293"
},
{
"name": "28421",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28421"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "FEDORA-2008-0115",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
},
{
"name": "28587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28587"
},
{
"name": "28153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28153"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "GLSA-200712-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"name": "1019149",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019149"
},
{
"name": "28278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28278"
},
{
"name": "SUSE-SR:2008:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6337",
"datePublished": "2007-12-31T19:00:00",
"dateReserved": "2007-12-13T00:00:00",
"dateUpdated": "2024-08-07T16:02:36.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2056
Vulnerability from cvelistv5
Published
2005-06-28 04:00
Modified
2024-08-07 22:15
Severity ?
EPSS score ?
Summary
The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.gentoo.org/security/en/glsa/glsa-200506-23.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.novell.com/linux/security/advisories/2005_38_clamav.html | vendor-advisory, x_refsource_SUSE | |
| http://sourceforge.net/project/shownotes.php?release_id=337279 | x_refsource_CONFIRM | |
| http://secunia.com/advisories/15811 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2005/dsa-737 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.securityfocus.com/bid/14058 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:15:36.832Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200506-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200506-23.xml"
},
{
"name": "SUSE-SA:2005:038",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_38_clamav.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=337279"
},
{
"name": "15811",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/15811"
},
{
"name": "DSA-737",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-737"
},
{
"name": "14058",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14058"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-06-27T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-07-07T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200506-23",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200506-23.xml"
},
{
"name": "SUSE-SA:2005:038",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_38_clamav.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=337279"
},
{
"name": "15811",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/15811"
},
{
"name": "DSA-737",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-737"
},
{
"name": "14058",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14058"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2056",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The Quantum archive decompressor in Clam AntiVirus (ClamAV) before 0.86.1 allows remote attackers to cause a denial of service (application crash) via a crafted Quantum archive."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200506-23",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200506-23.xml"
},
{
"name": "SUSE-SA:2005:038",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_38_clamav.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=337279",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=337279"
},
{
"name": "15811",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/15811"
},
{
"name": "DSA-737",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-737"
},
{
"name": "14058",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14058"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2056",
"datePublished": "2005-06-28T04:00:00",
"dateReserved": "2005-06-29T00:00:00",
"dateUpdated": "2024-08-07T22:15:36.832Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-0314
Vulnerability from cvelistv5
Published
2008-04-16 15:00
Modified
2024-08-07 07:39
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "FEDORA-2008-3900",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "1019851",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019851"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29975"
},
{
"name": "29863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "29886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29886"
},
{
"name": "FEDORA-2008-3420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "20080414 ClamAV libclamav PeSpin Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=686"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=876"
},
{
"name": "VU#858595",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/858595"
},
{
"name": "30253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30253"
},
{
"name": "clamav-spin-bo(41823)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41823"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name": "DSA-1549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "FEDORA-2008-3900",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "1019851",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019851"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29975"
},
{
"name": "29863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "29886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29886"
},
{
"name": "FEDORA-2008-3420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "20080414 ClamAV libclamav PeSpin Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=686"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=876"
},
{
"name": "VU#858595",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/858595"
},
{
"name": "30253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30253"
},
{
"name": "clamav-spin-bo(41823)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41823"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name": "DSA-1549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2008:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "FEDORA-2008-3900",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "GLSA-200805-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html",
"refsource": "CONFIRM",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "1019851",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019851"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29975"
},
{
"name": "29863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30328"
},
{
"name": "29886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29886"
},
{
"name": "FEDORA-2008-3420",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "20080414 ClamAV libclamav PeSpin Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=686"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=876",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=876"
},
{
"name": "VU#858595",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/858595"
},
{
"name": "30253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30253"
},
{
"name": "clamav-spin-bo(41823)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41823"
},
{
"name": "31576",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"name": "SUSE-SA:2008:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name": "DSA-1549",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-20.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0314",
"datePublished": "2008-04-16T15:00:00",
"dateReserved": "2008-01-16T00:00:00",
"dateUpdated": "2024-08-07T07:39:34.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2920
Vulnerability from cvelistv5
Published
2005-09-20 04:00
Modified
2024-08-07 22:53
Severity ?
EPSS score ?
Summary
Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.novell.com/linux/security/advisories/2005_55_clamav.html | vendor-advisory, x_refsource_SUSE | |
| http://secunia.com/advisories/16989 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2005/dsa-824 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.kb.cert.org/vuls/id/363713 | third-party-advisory, x_refsource_CERT-VN | |
| http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml | vendor-advisory, x_refsource_GENTOO | |
| http://secunia.com/advisories/16848 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.osvdb.org/19506 | vdb-entry, x_refsource_OSVDB | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/22307 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/14866 | vdb-entry, x_refsource_BID | |
| http://sourceforge.net/project/shownotes.php?release_id=356974 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2005/1774 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:30.318Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SA:2005:055",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_55_clamav.html"
},
{
"name": "16989",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16989"
},
{
"name": "DSA-824",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-824"
},
{
"name": "VU#363713",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/363713"
},
{
"name": "GLSA-200509-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml"
},
{
"name": "16848",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16848"
},
{
"name": "19506",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19506"
},
{
"name": "clam-antivirus-upx-bo(22307)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22307"
},
{
"name": "14866",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14866"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=356974"
},
{
"name": "ADV-2005-1774",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/1774"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SA:2005:055",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_55_clamav.html"
},
{
"name": "16989",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16989"
},
{
"name": "DSA-824",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-824"
},
{
"name": "VU#363713",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/363713"
},
{
"name": "GLSA-200509-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml"
},
{
"name": "16848",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16848"
},
{
"name": "19506",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19506"
},
{
"name": "clam-antivirus-upx-bo(22307)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22307"
},
{
"name": "14866",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14866"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=356974"
},
{
"name": "ADV-2005-1774",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/1774"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2920",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2005:055",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_55_clamav.html"
},
{
"name": "16989",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16989"
},
{
"name": "DSA-824",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-824"
},
{
"name": "VU#363713",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/363713"
},
{
"name": "GLSA-200509-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml"
},
{
"name": "16848",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16848"
},
{
"name": "19506",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19506"
},
{
"name": "clam-antivirus-upx-bo(22307)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22307"
},
{
"name": "14866",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14866"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=356974",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=356974"
},
{
"name": "ADV-2005-1774",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1774"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2920",
"datePublished": "2005-09-20T04:00:00",
"dateReserved": "2005-09-15T00:00:00",
"dateUpdated": "2024-08-07T22:53:30.318Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-2713
Vulnerability from cvelistv5
Published
2008-06-16 21:00
Modified
2024-08-07 09:14
Severity ?
EPSS score ?
Summary
libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:14:14.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31437"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "MDVSA-2008:122",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:122"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "SUSE-SR:2008:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html"
},
{
"name": "30785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30785"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "[oss-security] 20080615 CVE id request: Clamav",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/06/15/2"
},
{
"name": "ADV-2008-1855",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1855/references"
},
{
"name": "30967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30967"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "31091",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31091"
},
{
"name": "30657",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30657"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-21.txt"
},
{
"name": "clamav-petite-dos(43133)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43133"
},
{
"name": "SUSE-SR:2008:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "DSA-1616",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1616"
},
{
"name": "FEDORA-2008-5476",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00763.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000"
},
{
"name": "[oss-security] 20080617 Re: CVE id request: Clamav",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/06/17/8"
},
{
"name": "GLSA-200808-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"name": "29750",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29750"
},
{
"name": "30829",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30829"
},
{
"name": "1020305",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020305"
},
{
"name": "FEDORA-2008-6422",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html"
},
{
"name": "31167",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31167"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31576"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel\u0026path=/branches/0.93/libclamav/petite.c\u0026rev=3886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=605577\u0026group_id=86638"
},
{
"name": "31206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31206"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31437"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "MDVSA-2008:122",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:122"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "SUSE-SR:2008:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html"
},
{
"name": "30785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30785"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "[oss-security] 20080615 CVE id request: Clamav",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/06/15/2"
},
{
"name": "ADV-2008-1855",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1855/references"
},
{
"name": "30967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30967"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "31091",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31091"
},
{
"name": "30657",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30657"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-21.txt"
},
{
"name": "clamav-petite-dos(43133)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43133"
},
{
"name": "SUSE-SR:2008:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "DSA-1616",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1616"
},
{
"name": "FEDORA-2008-5476",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00763.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000"
},
{
"name": "[oss-security] 20080617 Re: CVE id request: Clamav",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/06/17/8"
},
{
"name": "GLSA-200808-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"name": "29750",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29750"
},
{
"name": "30829",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30829"
},
{
"name": "1020305",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020305"
},
{
"name": "FEDORA-2008-6422",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html"
},
{
"name": "31167",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31167"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31576"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel\u0026path=/branches/0.93/libclamav/petite.c\u0026rev=3886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=605577\u0026group_id=86638"
},
{
"name": "31206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31206"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31437",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31437"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html",
"refsource": "CONFIRM",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "MDVSA-2008:122",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:122"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "SUSE-SR:2008:015",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html"
},
{
"name": "30785",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30785"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "[oss-security] 20080615 CVE id request: Clamav",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/06/15/2"
},
{
"name": "ADV-2008-1855",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1855/references"
},
{
"name": "30967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30967"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
},
{
"name": "31091",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31091"
},
{
"name": "30657",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30657"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-21.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-21.txt"
},
{
"name": "clamav-petite-dos(43133)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43133"
},
{
"name": "SUSE-SR:2008:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "DSA-1616",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1616"
},
{
"name": "FEDORA-2008-5476",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00763.html"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000"
},
{
"name": "[oss-security] 20080617 Re: CVE id request: Clamav",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/06/17/8"
},
{
"name": "GLSA-200808-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"name": "29750",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29750"
},
{
"name": "30829",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30829"
},
{
"name": "1020305",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020305"
},
{
"name": "FEDORA-2008-6422",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html"
},
{
"name": "31167",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31167"
},
{
"name": "31576",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31576"
},
{
"name": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel\u0026path=/branches/0.93/libclamav/petite.c\u0026rev=3886",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel\u0026path=/branches/0.93/libclamav/petite.c\u0026rev=3886"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=605577\u0026group_id=86638",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=605577\u0026group_id=86638"
},
{
"name": "31206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31206"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2713",
"datePublished": "2008-06-16T21:00:00",
"dateReserved": "2008-06-16T00:00:00",
"dateUpdated": "2024-08-07T09:14:14.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-6596
Vulnerability from cvelistv5
Published
2007-12-31 19:00
Modified
2024-08-07 16:11
Severity ?
EPSS score ?
Summary
ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securityreason.com/securityalert/3501 | third-party-advisory, x_refsource_SREASON | |
| http://secunia.com/advisories/29891 | third-party-advisory, x_refsource_SECUNIA | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/39337 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/27064 | vdb-entry, x_refsource_BID | |
| http://www.securitytracker.com/id?1019148 | vdb-entry, x_refsource_SECTRACK | |
| http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/archive/1/485631/100/0/threaded | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:06.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3501",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3501"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "clamantivirus-base64uue-security-bypass(39337)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39337"
},
{
"name": "27064",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27064"
},
{
"name": "1019148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019148"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "20071229 TK53 Advisory #2: Multiple vulnerabilities in ClamAV",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485631/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3501",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3501"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "clamantivirus-base64uue-security-bypass(39337)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39337"
},
{
"name": "27064",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27064"
},
{
"name": "1019148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019148"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "20071229 TK53 Advisory #2: Multiple vulnerabilities in ClamAV",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485631/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3501",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3501"
},
{
"name": "29891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29891"
},
{
"name": "clamantivirus-base64uue-security-bypass(39337)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39337"
},
{
"name": "27064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27064"
},
{
"name": "1019148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019148"
},
{
"name": "SUSE-SA:2008:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "20071229 TK53 Advisory #2: Multiple vulnerabilities in ClamAV",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485631/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6596",
"datePublished": "2007-12-31T19:00:00",
"dateReserved": "2007-12-31T00:00:00",
"dateUpdated": "2024-08-07T16:11:06.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1876
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
EPSS score ?
Summary
The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/11253 | third-party-advisory, x_refsource_SECUNIA | |
| http://security.gentoo.org/glsa/glsa-200405-03.xml | vendor-advisory, x_refsource_GENTOO | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15692 | vdb-entry, x_refsource_XF | |
| http://marc.info/?l=bugtraq&m=108066864608615&w=2 | mailing-list, x_refsource_BUGTRAQ | |
| http://www.securityfocus.com/bid/10007 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:49.059Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "11253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11253"
},
{
"name": "GLSA-200405-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200405-03.xml"
},
{
"name": "clamantivirus-virusevent-gain-privileges(15692)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15692"
},
{
"name": "20040330 clamd - NEVER use \"%f\" in your \"VirusEvent\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108066864608615\u0026w=2"
},
{
"name": "10007",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/10007"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The \"%f\" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "11253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11253"
},
{
"name": "GLSA-200405-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200405-03.xml"
},
{
"name": "clamantivirus-virusevent-gain-privileges(15692)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15692"
},
{
"name": "20040330 clamd - NEVER use \"%f\" in your \"VirusEvent\"",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=108066864608615\u0026w=2"
},
{
"name": "10007",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/10007"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1876",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The \"%f\" feature in the VirusEvent directive in Clam AntiVirus daemon (clamd) before 0.70 allows local users to execute arbitrary commands via shell metacharacters in a file name."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "11253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11253"
},
{
"name": "GLSA-200405-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200405-03.xml"
},
{
"name": "clamantivirus-virusevent-gain-privileges(15692)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15692"
},
{
"name": "20040330 clamd - NEVER use \"%f\" in your \"VirusEvent\"",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=108066864608615\u0026w=2"
},
{
"name": "10007",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/10007"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1876",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:49.059Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5874
Vulnerability from cvelistv5
Published
2006-12-10 02:00
Modified
2024-08-07 20:04
Severity ?
EPSS score ?
Summary
Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/23327 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2006/dsa-1232 | vendor-advisory, x_refsource_DEBIAN | |
| http://www.novell.com/linux/security/advisories/2006_78_clamav.html | vendor-advisory, x_refsource_SUSE | |
| http://www.securityfocus.com/bid/21510 | vdb-entry, x_refsource_BID | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2006:230 | vendor-advisory, x_refsource_MANDRIVA | |
| http://secunia.com/advisories/23411 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/23362 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:04:55.664Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "23327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23327"
},
{
"name": "DSA-1232",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1232"
},
{
"name": "SUSE-SA:2006:078",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_78_clamav.html"
},
{
"name": "21510",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21510"
},
{
"name": "MDKSA-2006:230",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:230"
},
{
"name": "23411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23411"
},
{
"name": "23362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23362"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-16T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "23327",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23327"
},
{
"name": "DSA-1232",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1232"
},
{
"name": "SUSE-SA:2006:078",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_78_clamav.html"
},
{
"name": "21510",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21510"
},
{
"name": "MDKSA-2006:230",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:230"
},
{
"name": "23411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23411"
},
{
"name": "23362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23362"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5874",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Clam AntiVirus (ClamAV) 0.88 and earlier allows remote attackers to cause a denial of service (crash) via a malformed base64-encoded MIME attachment that triggers a null pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "23327",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23327"
},
{
"name": "DSA-1232",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1232"
},
{
"name": "SUSE-SA:2006:078",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_78_clamav.html"
},
{
"name": "21510",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21510"
},
{
"name": "MDKSA-2006:230",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:230"
},
{
"name": "23411",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23411"
},
{
"name": "23362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23362"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5874",
"datePublished": "2006-12-10T02:00:00",
"dateReserved": "2006-11-14T00:00:00",
"dateUpdated": "2024-08-07T20:04:55.664Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5050
Vulnerability from cvelistv5
Published
2008-11-13 01:00
Modified
2024-08-07 10:40
Severity ?
EPSS score ?
Summary
Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:16.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-3085",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3085"
},
{
"name": "4579",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4579"
},
{
"name": "33937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33937"
},
{
"name": "DSA-1680",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1680"
},
{
"name": "32765",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32765"
},
{
"name": "clamav-getunicodename-bo(46462)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46462"
},
{
"name": "32207",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32207"
},
{
"name": "33016",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33016"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3438"
},
{
"name": "20081109 ClamAV get_unicode_name() off-by-one buffer overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065530.html"
},
{
"name": "APPLE-SA-2009-02-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name": "1021159",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021159"
},
{
"name": "32872",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32872"
},
{
"name": "GLSA-200812-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-21.xml"
},
{
"name": "20081108 ClamAV get_unicode_name() off-by-one buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498169/100/0/threaded"
},
{
"name": "FEDORA-2008-9651",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=637952\u0026group_id=86638"
},
{
"name": "ADV-2009-0422",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0422"
},
{
"name": "USN-672-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-672-1"
},
{
"name": "32663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32663"
},
{
"name": "MDVSA-2008:229",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:229"
},
{
"name": "33317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33317"
},
{
"name": "SUSE-SR:2008:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"name": "32699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32699"
},
{
"name": "FEDORA-2008-9644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-3085",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3085"
},
{
"name": "4579",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4579"
},
{
"name": "33937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33937"
},
{
"name": "DSA-1680",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1680"
},
{
"name": "32765",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32765"
},
{
"name": "clamav-getunicodename-bo(46462)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46462"
},
{
"name": "32207",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32207"
},
{
"name": "33016",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33016"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3438"
},
{
"name": "20081109 ClamAV get_unicode_name() off-by-one buffer overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065530.html"
},
{
"name": "APPLE-SA-2009-02-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name": "1021159",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021159"
},
{
"name": "32872",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32872"
},
{
"name": "GLSA-200812-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-21.xml"
},
{
"name": "20081108 ClamAV get_unicode_name() off-by-one buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498169/100/0/threaded"
},
{
"name": "FEDORA-2008-9651",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=637952\u0026group_id=86638"
},
{
"name": "ADV-2009-0422",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0422"
},
{
"name": "USN-672-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-672-1"
},
{
"name": "32663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32663"
},
{
"name": "MDVSA-2008:229",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:229"
},
{
"name": "33317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33317"
},
{
"name": "SUSE-SR:2008:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"name": "32699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32699"
},
{
"name": "FEDORA-2008-9644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-3085",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3085"
},
{
"name": "4579",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4579"
},
{
"name": "33937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33937"
},
{
"name": "DSA-1680",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1680"
},
{
"name": "32765",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32765"
},
{
"name": "clamav-getunicodename-bo(46462)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46462"
},
{
"name": "32207",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32207"
},
{
"name": "33016",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33016"
},
{
"name": "http://support.apple.com/kb/HT3438",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3438"
},
{
"name": "20081109 ClamAV get_unicode_name() off-by-one buffer overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065530.html"
},
{
"name": "APPLE-SA-2009-02-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name": "1021159",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021159"
},
{
"name": "32872",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32872"
},
{
"name": "GLSA-200812-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-21.xml"
},
{
"name": "20081108 ClamAV get_unicode_name() off-by-one buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498169/100/0/threaded"
},
{
"name": "FEDORA-2008-9651",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=637952\u0026group_id=86638",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=637952\u0026group_id=86638"
},
{
"name": "ADV-2009-0422",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0422"
},
{
"name": "USN-672-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-672-1"
},
{
"name": "32663",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32663"
},
{
"name": "MDVSA-2008:229",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:229"
},
{
"name": "33317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33317"
},
{
"name": "SUSE-SR:2008:026",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"name": "32699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32699"
},
{
"name": "FEDORA-2008-9644",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5050",
"datePublished": "2008-11-13T01:00:00",
"dateReserved": "2008-11-12T00:00:00",
"dateUpdated": "2024-08-07T10:40:16.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-5314
Vulnerability from cvelistv5
Published
2008-12-03 17:00
Modified
2024-08-07 10:49
Severity ?
EPSS score ?
Summary
Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32936"
},
{
"name": "7330",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7330"
},
{
"name": "33195",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33195"
},
{
"name": "USN-684-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-684-1"
},
{
"name": "33937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33937"
},
{
"name": "DSA-1680",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1680"
},
{
"name": "32926",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32926"
},
{
"name": "1021296",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021296"
},
{
"name": "ADV-2008-3311",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3311"
},
{
"name": "33016",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33016"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3438"
},
{
"name": "APPLE-SA-2009-02-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name": "[clamav-announce] 20081126 announcing ClamAV 0.94.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lurker.clamav.net/message/20081126.150241.55b1e092.en.html"
},
{
"name": "50363",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50363"
},
{
"name": "GLSA-200812-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-21.xml"
},
{
"name": "clamav-special-dos(46985)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46985"
},
{
"name": "ADV-2009-0422",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0422"
},
{
"name": "[oss-security] 20081201 CVE request: clamav 0.94.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/12/01/8"
},
{
"name": "MDVSA-2008:239",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:239"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=643134"
},
{
"name": "SUSE-SR:2008:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html"
},
{
"name": "32555",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32555"
},
{
"name": "33317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33317"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1266"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32936"
},
{
"name": "7330",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7330"
},
{
"name": "33195",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33195"
},
{
"name": "USN-684-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-684-1"
},
{
"name": "33937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33937"
},
{
"name": "DSA-1680",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1680"
},
{
"name": "32926",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32926"
},
{
"name": "1021296",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021296"
},
{
"name": "ADV-2008-3311",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3311"
},
{
"name": "33016",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33016"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3438"
},
{
"name": "APPLE-SA-2009-02-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name": "[clamav-announce] 20081126 announcing ClamAV 0.94.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lurker.clamav.net/message/20081126.150241.55b1e092.en.html"
},
{
"name": "50363",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50363"
},
{
"name": "GLSA-200812-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-21.xml"
},
{
"name": "clamav-special-dos(46985)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46985"
},
{
"name": "ADV-2009-0422",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0422"
},
{
"name": "[oss-security] 20081201 CVE request: clamav 0.94.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/12/01/8"
},
{
"name": "MDVSA-2008:239",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:239"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=643134"
},
{
"name": "SUSE-SR:2008:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html"
},
{
"name": "32555",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32555"
},
{
"name": "33317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33317"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1266"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32936"
},
{
"name": "7330",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7330"
},
{
"name": "33195",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33195"
},
{
"name": "USN-684-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-684-1"
},
{
"name": "33937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33937"
},
{
"name": "DSA-1680",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1680"
},
{
"name": "32926",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32926"
},
{
"name": "1021296",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021296"
},
{
"name": "ADV-2008-3311",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3311"
},
{
"name": "33016",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33016"
},
{
"name": "http://support.apple.com/kb/HT3438",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3438"
},
{
"name": "APPLE-SA-2009-02-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name": "[clamav-announce] 20081126 announcing ClamAV 0.94.2",
"refsource": "MLIST",
"url": "http://lurker.clamav.net/message/20081126.150241.55b1e092.en.html"
},
{
"name": "50363",
"refsource": "OSVDB",
"url": "http://osvdb.org/50363"
},
{
"name": "GLSA-200812-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-21.xml"
},
{
"name": "clamav-special-dos(46985)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46985"
},
{
"name": "ADV-2009-0422",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0422"
},
{
"name": "[oss-security] 20081201 CVE request: clamav 0.94.2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/12/01/8"
},
{
"name": "MDVSA-2008:239",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:239"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=643134",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=643134"
},
{
"name": "SUSE-SR:2008:028",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html"
},
{
"name": "32555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32555"
},
{
"name": "33317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33317"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1266",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1266"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5314",
"datePublished": "2008-12-03T17:00:00",
"dateReserved": "2008-12-03T00:00:00",
"dateUpdated": "2024-08-07T10:49:12.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-6335
Vulnerability from cvelistv5
Published
2007-12-20 01:00
Modified
2024-08-07 16:02
Severity ?
EPSS score ?
Summary
Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20071218 ClamAV libclamav MEW PE File Integer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634"
},
{
"name": "MDVSA-2008:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"name": "26927",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26927"
},
{
"name": "DSA-1435",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1435"
},
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "FEDORA-2008-0170",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"name": "1019112",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019112"
},
{
"name": "clamantivirus-libclamav-mewpe-bo(39119)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39119"
},
{
"name": "28421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28421"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "FEDORA-2008-0115",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
},
{
"name": "28176",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28176"
},
{
"name": "28587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28587"
},
{
"name": "28153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "GLSA-200712-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"name": "4862",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4862"
},
{
"name": "28117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28117"
},
{
"name": "ADV-2007-4253",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4253"
},
{
"name": "28278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28278"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20071218 ClamAV libclamav MEW PE File Integer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634"
},
{
"name": "MDVSA-2008:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"name": "26927",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26927"
},
{
"name": "DSA-1435",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1435"
},
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "FEDORA-2008-0170",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"name": "1019112",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019112"
},
{
"name": "clamantivirus-libclamav-mewpe-bo(39119)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39119"
},
{
"name": "28421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28421"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "FEDORA-2008-0115",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
},
{
"name": "28176",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28176"
},
{
"name": "28587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28587"
},
{
"name": "28153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "GLSA-200712-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"name": "4862",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4862"
},
{
"name": "28117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28117"
},
{
"name": "ADV-2007-4253",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4253"
},
{
"name": "28278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28278"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20071218 ClamAV libclamav MEW PE File Integer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634"
},
{
"name": "MDVSA-2008:003",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"name": "26927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26927"
},
{
"name": "DSA-1435",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1435"
},
{
"name": "28412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "FEDORA-2008-0170",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"name": "1019112",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019112"
},
{
"name": "clamantivirus-libclamav-mewpe-bo(39119)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39119"
},
{
"name": "28421",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28421"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "FEDORA-2008-0115",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
},
{
"name": "28176",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28176"
},
{
"name": "28587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28587"
},
{
"name": "28153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28153"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "GLSA-200712-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"name": "4862",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4862"
},
{
"name": "28117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28117"
},
{
"name": "ADV-2007-4253",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4253"
},
{
"name": "28278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28278"
},
{
"name": "SUSE-SR:2008:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6335",
"datePublished": "2007-12-20T01:00:00",
"dateReserved": "2007-12-13T00:00:00",
"dateUpdated": "2024-08-07T16:02:36.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2450
Vulnerability from cvelistv5
Published
2005-08-03 04:00
Modified
2024-08-07 22:30
Severity ?
EPSS score ?
Summary
Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:30:01.841Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SR:2005:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"
},
{
"name": "GLSA-200507-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200507-25.xml"
},
{
"name": "18258",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/18258"
},
{
"name": "16250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16250"
},
{
"name": "16180",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16180"
},
{
"name": "20050725 ClamAV Multiple Rem0te Buffer Overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112230864412932\u0026w=2"
},
{
"name": "18259",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/18259"
},
{
"name": "16229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16229"
},
{
"name": "CLSA-2005:987",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000987"
},
{
"name": "16296",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16296"
},
{
"name": "18257",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/18257"
},
{
"name": "16458",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16458"
},
{
"name": "clam-antivirus-file-format-gain-access(21555)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21555"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=344514"
},
{
"name": "14359",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14359"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-07-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SR:2005:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"
},
{
"name": "GLSA-200507-25",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200507-25.xml"
},
{
"name": "18258",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/18258"
},
{
"name": "16250",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16250"
},
{
"name": "16180",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16180"
},
{
"name": "20050725 ClamAV Multiple Rem0te Buffer Overflows",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=112230864412932\u0026w=2"
},
{
"name": "18259",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/18259"
},
{
"name": "16229",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16229"
},
{
"name": "CLSA-2005:987",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000987"
},
{
"name": "16296",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16296"
},
{
"name": "18257",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/18257"
},
{
"name": "16458",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16458"
},
{
"name": "clam-antivirus-file-format-gain-access(21555)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21555"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=344514"
},
{
"name": "14359",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14359"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2450",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SR:2005:018",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"
},
{
"name": "GLSA-200507-25",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200507-25.xml"
},
{
"name": "18258",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18258"
},
{
"name": "16250",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16250"
},
{
"name": "16180",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16180"
},
{
"name": "20050725 ClamAV Multiple Rem0te Buffer Overflows",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=112230864412932\u0026w=2"
},
{
"name": "18259",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18259"
},
{
"name": "16229",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16229"
},
{
"name": "CLSA-2005:987",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000987"
},
{
"name": "16296",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16296"
},
{
"name": "18257",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/18257"
},
{
"name": "16458",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16458"
},
{
"name": "clam-antivirus-file-format-gain-access(21555)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/21555"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=344514",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=344514"
},
{
"name": "14359",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14359"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2450",
"datePublished": "2005-08-03T04:00:00",
"dateReserved": "2005-08-03T00:00:00",
"dateUpdated": "2024-08-07T22:30:01.841Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1389
Vulnerability from cvelistv5
Published
2008-09-04 16:00
Modified
2024-08-07 08:17
Severity ?
EPSS score ?
Summary
libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32030",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32030"
},
{
"name": "30994",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30994"
},
{
"name": "ADV-2008-2484",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2484"
},
{
"name": "31982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31982"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://int21.de/cve/CVE-2008-1389-clamav-chd.html"
},
{
"name": "SUSE-SR:2008:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=623661"
},
{
"name": "31725",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31725"
},
{
"name": "MDVSA-2008:189",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:189"
},
{
"name": "FEDORA-2008-9651",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32222"
},
{
"name": "GLSA-200809-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200809-18.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-22.txt"
},
{
"name": "1020805",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020805"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "ADV-2008-2564",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2564"
},
{
"name": "32699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32699"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "31906",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31906"
},
{
"name": "FEDORA-2008-9644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an \"invalid memory access.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-09-24T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32030",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32030"
},
{
"name": "30994",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30994"
},
{
"name": "ADV-2008-2484",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2484"
},
{
"name": "31982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31982"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://int21.de/cve/CVE-2008-1389-clamav-chd.html"
},
{
"name": "SUSE-SR:2008:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=623661"
},
{
"name": "31725",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31725"
},
{
"name": "MDVSA-2008:189",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:189"
},
{
"name": "FEDORA-2008-9651",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32222"
},
{
"name": "GLSA-200809-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200809-18.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-22.txt"
},
{
"name": "1020805",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020805"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "ADV-2008-2564",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2564"
},
{
"name": "32699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32699"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "31906",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31906"
},
{
"name": "FEDORA-2008-9644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an \"invalid memory access.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32030",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32030"
},
{
"name": "30994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30994"
},
{
"name": "ADV-2008-2484",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2484"
},
{
"name": "31982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31982"
},
{
"name": "31681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "http://int21.de/cve/CVE-2008-1389-clamav-chd.html",
"refsource": "MISC",
"url": "http://int21.de/cve/CVE-2008-1389-clamav-chd.html"
},
{
"name": "SUSE-SR:2008:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=623661",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=623661"
},
{
"name": "31725",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31725"
},
{
"name": "MDVSA-2008:189",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:189"
},
{
"name": "FEDORA-2008-9651",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
},
{
"name": "32222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32222"
},
{
"name": "GLSA-200809-18",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200809-18.xml"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-22.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-22.txt"
},
{
"name": "1020805",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020805"
},
{
"name": "ADV-2008-2780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "ADV-2008-2564",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2564"
},
{
"name": "32699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32699"
},
{
"name": "APPLE-SA-2008-10-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT3216",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "31906",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31906"
},
{
"name": "FEDORA-2008-9644",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
},
{
"name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1389",
"datePublished": "2008-09-04T16:00:00",
"dateReserved": "2008-03-18T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-6406
Vulnerability from cvelistv5
Published
2006-12-10 02:00
Modified
2024-08-07 20:26
Severity ?
EPSS score ?
Summary
Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:26:46.104Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "21461",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21461"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-14.txt"
},
{
"name": "23460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23460"
},
{
"name": "ADV-2006-4948",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4948"
},
{
"name": "DSA-1238",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1238"
},
{
"name": "SUSE-SA:2006:078",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_78_clamav.html"
},
{
"name": "20061206 Multiple Vendor Unusual MIME Encoding Content Filter Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/453654/100/0/threaded"
},
{
"name": "23379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23379"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.quantenblog.net/security/virus-scanner-bypass"
},
{
"name": "MDKSA-2006:230",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:230"
},
{
"name": "ADV-2006-5113",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5113"
},
{
"name": "23411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23411"
},
{
"name": "23362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23362"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-17T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "21461",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21461"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-14.txt"
},
{
"name": "23460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23460"
},
{
"name": "ADV-2006-4948",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4948"
},
{
"name": "DSA-1238",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1238"
},
{
"name": "SUSE-SA:2006:078",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_78_clamav.html"
},
{
"name": "20061206 Multiple Vendor Unusual MIME Encoding Content Filter Bypass",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/453654/100/0/threaded"
},
{
"name": "23379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23379"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.quantenblog.net/security/virus-scanner-bypass"
},
{
"name": "MDKSA-2006:230",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:230"
},
{
"name": "ADV-2006-5113",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5113"
},
{
"name": "23411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23411"
},
{
"name": "23362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23362"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6406",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to bypass virus detection by inserting invalid characters into base64 encoded content in a multipart/mixed MIME file, as demonstrated with the EICAR test file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "21461",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21461"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-14.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-14.txt"
},
{
"name": "23460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23460"
},
{
"name": "ADV-2006-4948",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4948"
},
{
"name": "DSA-1238",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1238"
},
{
"name": "SUSE-SA:2006:078",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_78_clamav.html"
},
{
"name": "20061206 Multiple Vendor Unusual MIME Encoding Content Filter Bypass",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/453654/100/0/threaded"
},
{
"name": "23379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23379"
},
{
"name": "http://www.quantenblog.net/security/virus-scanner-bypass",
"refsource": "MISC",
"url": "http://www.quantenblog.net/security/virus-scanner-bypass"
},
{
"name": "MDKSA-2006:230",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:230"
},
{
"name": "ADV-2006-5113",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5113"
},
{
"name": "23411",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23411"
},
{
"name": "23362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23362"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6406",
"datePublished": "2006-12-10T02:00:00",
"dateReserved": "2006-12-09T00:00:00",
"dateUpdated": "2024-08-07T20:26:46.104Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-6595
Vulnerability from cvelistv5
Published
2007-12-31 19:00
Modified
2024-08-07 16:11
Severity ?
EPSS score ?
Summary
ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:06.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "1019148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019148"
},
{
"name": "clamantivirus-cligentempfd-symlink(39335)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39335"
},
{
"name": "3501",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3501"
},
{
"name": "31437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31437"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "28949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28949"
},
{
"name": "DSA-1497",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1497"
},
{
"name": "27064",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27064"
},
{
"name": "ADV-2008-0606",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"name": "GLSA-200808-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"name": "clamantivirus-sigtool-file-overwrite(39339)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39339"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"name": "20071229 TK53 Advisory #2: Multiple vulnerabilities in ClamAV",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485631/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "1019148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019148"
},
{
"name": "clamantivirus-cligentempfd-symlink(39335)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39335"
},
{
"name": "3501",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3501"
},
{
"name": "31437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31437"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "28949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28949"
},
{
"name": "DSA-1497",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1497"
},
{
"name": "27064",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27064"
},
{
"name": "ADV-2008-0606",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"name": "GLSA-200808-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"name": "clamantivirus-sigtool-file-overwrite(39339)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39339"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"name": "20071229 TK53 Advisory #2: Multiple vulnerabilities in ClamAV",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485631/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2008:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "1019148",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019148"
},
{
"name": "clamantivirus-cligentempfd-symlink(39335)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39335"
},
{
"name": "3501",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3501"
},
{
"name": "31437",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31437"
},
{
"name": "29891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29891"
},
{
"name": "28949",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28949"
},
{
"name": "DSA-1497",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1497"
},
{
"name": "27064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27064"
},
{
"name": "ADV-2008-0606",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"name": "GLSA-200808-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"name": "clamantivirus-sigtool-file-overwrite(39339)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39339"
},
{
"name": "SUSE-SA:2008:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-19.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"name": "20071229 TK53 Advisory #2: Multiple vulnerabilities in ClamAV",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485631/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6595",
"datePublished": "2007-12-31T19:00:00",
"dateReserved": "2007-12-31T00:00:00",
"dateUpdated": "2024-08-07T16:11:06.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3122
Vulnerability from cvelistv5
Published
2007-06-07 21:00
Modified
2024-08-07 14:05
Severity ?
EPSS score ?
Summary
The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:28.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25796"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=511"
},
{
"name": "SUSE-SA:2007:033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25525"
},
{
"name": "clamav-rar-security-bypass(34823)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34823"
},
{
"name": "25523",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25688"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"name": "45392",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45392"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25796"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=511"
},
{
"name": "SUSE-SA:2007:033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25525"
},
{
"name": "clamav-rar-security-bypass(34823)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34823"
},
{
"name": "25523",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25688"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"name": "45392",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45392"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25796"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=511",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=511"
},
{
"name": "SUSE-SA:2007:033",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25525"
},
{
"name": "clamav-rar-security-bypass(34823)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34823"
},
{
"name": "25523",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-15.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25688"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"refsource": "MLIST",
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"name": "45392",
"refsource": "OSVDB",
"url": "http://osvdb.org/45392"
},
{
"name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3122",
"datePublished": "2007-06-07T21:00:00",
"dateReserved": "2007-06-07T00:00:00",
"dateUpdated": "2024-08-07T14:05:28.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-1630
Vulnerability from cvelistv5
Published
2006-04-06 22:00
Modified
2024-08-07 17:19
Severity ?
EPSS score ?
Summary
The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an "invalid memory access."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:19:48.904Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19567"
},
{
"name": "17951",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17951"
},
{
"name": "ADV-2006-1258",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1258"
},
{
"name": "ADV-2006-1779",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name": "TA06-132A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=407078\u0026group_id=86638"
},
{
"name": "19570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19570"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://up2date.astaro.com/2006/05/low_up2date_6202.html"
},
{
"name": "24459",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24459"
},
{
"name": "GLSA-200604-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml"
},
{
"name": "19608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19608"
},
{
"name": "19534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19534"
},
{
"name": "19564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19564"
},
{
"name": "19536",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19536"
},
{
"name": "APPLE-SA-2006-05-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name": "SUSE-SA:2006:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html"
},
{
"name": "MDKSA-2006:067",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:067"
},
{
"name": "17388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17388"
},
{
"name": "DSA-1024",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1024"
},
{
"name": "23719",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23719"
},
{
"name": "20077",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20077"
},
{
"name": "2006-0020",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0020"
},
{
"name": "clamav-others-dos(25662)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25662"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an \"invalid memory access.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19567"
},
{
"name": "17951",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17951"
},
{
"name": "ADV-2006-1258",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1258"
},
{
"name": "ADV-2006-1779",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name": "TA06-132A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=407078\u0026group_id=86638"
},
{
"name": "19570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19570"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://up2date.astaro.com/2006/05/low_up2date_6202.html"
},
{
"name": "24459",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24459"
},
{
"name": "GLSA-200604-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml"
},
{
"name": "19608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19608"
},
{
"name": "19534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19534"
},
{
"name": "19564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19564"
},
{
"name": "19536",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19536"
},
{
"name": "APPLE-SA-2006-05-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name": "SUSE-SA:2006:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html"
},
{
"name": "MDKSA-2006:067",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:067"
},
{
"name": "17388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17388"
},
{
"name": "DSA-1024",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1024"
},
{
"name": "23719",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23719"
},
{
"name": "20077",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20077"
},
{
"name": "2006-0020",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0020"
},
{
"name": "clamav-others-dos(25662)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25662"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1630",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The cli_bitset_set function in libclamav/others.c in Clam AntiVirus (ClamAV) before 0.88.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger an \"invalid memory access.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19567",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19567"
},
{
"name": "17951",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17951"
},
{
"name": "ADV-2006-1258",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1258"
},
{
"name": "ADV-2006-1779",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name": "TA06-132A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=407078\u0026group_id=86638",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=407078\u0026group_id=86638"
},
{
"name": "19570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19570"
},
{
"name": "http://up2date.astaro.com/2006/05/low_up2date_6202.html",
"refsource": "CONFIRM",
"url": "http://up2date.astaro.com/2006/05/low_up2date_6202.html"
},
{
"name": "24459",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24459"
},
{
"name": "GLSA-200604-06",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml"
},
{
"name": "19608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19608"
},
{
"name": "19534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19534"
},
{
"name": "19564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19564"
},
{
"name": "19536",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19536"
},
{
"name": "APPLE-SA-2006-05-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name": "SUSE-SA:2006:020",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html"
},
{
"name": "MDKSA-2006:067",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:067"
},
{
"name": "17388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17388"
},
{
"name": "DSA-1024",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1024"
},
{
"name": "23719",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23719"
},
{
"name": "20077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20077"
},
{
"name": "2006-0020",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0020"
},
{
"name": "clamav-others-dos(25662)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25662"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1630",
"datePublished": "2006-04-06T22:00:00",
"dateReserved": "2006-04-05T00:00:00",
"dateUpdated": "2024-08-07T17:19:48.904Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-6336
Vulnerability from cvelistv5
Published
2007-12-20 01:00
Modified
2024-08-07 16:02
Severity ?
EPSS score ?
Summary
Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"name": "DSA-1435",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1435"
},
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "FEDORA-2008-0170",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"name": "28421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28421"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "FEDORA-2008-0115",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
},
{
"name": "28176",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28176"
},
{
"name": "28587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28587"
},
{
"name": "clamantivirus-mszip-bo(39169)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39169"
},
{
"name": "28153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "GLSA-200712-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"name": "26946",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26946"
},
{
"name": "1019150",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019150"
},
{
"name": "28278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28278"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2008:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"name": "DSA-1435",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1435"
},
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "FEDORA-2008-0170",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"name": "28421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28421"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "FEDORA-2008-0115",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
},
{
"name": "28176",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28176"
},
{
"name": "28587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28587"
},
{
"name": "clamantivirus-mszip-bo(39169)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39169"
},
{
"name": "28153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "GLSA-200712-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"name": "26946",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26946"
},
{
"name": "1019150",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019150"
},
{
"name": "28278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28278"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2008:003",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"name": "DSA-1435",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1435"
},
{
"name": "28412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "FEDORA-2008-0170",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"name": "28421",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28421"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "FEDORA-2008-0115",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
},
{
"name": "28176",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28176"
},
{
"name": "28587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28587"
},
{
"name": "clamantivirus-mszip-bo(39169)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39169"
},
{
"name": "28153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28153"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "GLSA-200712-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"name": "26946",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26946"
},
{
"name": "1019150",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019150"
},
{
"name": "28278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28278"
},
{
"name": "SUSE-SR:2008:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6336",
"datePublished": "2007-12-20T01:00:00",
"dateReserved": "2007-12-13T00:00:00",
"dateUpdated": "2024-08-07T16:02:36.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2003-0946
Vulnerability from cvelistv5
Published
2003-11-18 05:00
Modified
2024-08-08 02:12
Severity ?
EPSS score ?
Summary
Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a "MAIL FROM" command.
References
| ▼ | URL | Tags |
|---|---|---|
| http://sourceforge.net/project/shownotes.php?release_id=197038 | x_refsource_CONFIRM | |
| http://marc.info/?l=bugtraq&m=106867135830683&w=2 | mailing-list, x_refsource_BUGTRAQ |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T02:12:35.486Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=197038"
},
{
"name": "20031112 SRT2003-11-11-1151 - clamav-milter remote exploit / DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106867135830683\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2003-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a \"MAIL FROM\" command."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-10-17T13:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=197038"
},
{
"name": "20031112 SRT2003-11-11-1151 - clamav-milter remote exploit / DoS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://marc.info/?l=bugtraq\u0026m=106867135830683\u0026w=2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2003-0946",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 through 0.60p, and other versions before 0.65, allows remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in the email address argument of a \"MAIL FROM\" command."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=197038",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=197038"
},
{
"name": "20031112 SRT2003-11-11-1151 - clamav-milter remote exploit / DoS",
"refsource": "BUGTRAQ",
"url": "http://marc.info/?l=bugtraq\u0026m=106867135830683\u0026w=2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2003-0946",
"datePublished": "2003-11-18T05:00:00",
"dateReserved": "2003-11-13T00:00:00",
"dateUpdated": "2024-08-08T02:12:35.486Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3303
Vulnerability from cvelistv5
Published
2005-11-05 11:00
Modified
2024-08-07 23:10
Severity ?
EPSS score ?
Summary
The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause "memory corruption" and execute arbitrary code via a crafted FSG 1.33 file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:10:08.593Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17451"
},
{
"name": "20482",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20482"
},
{
"name": "GLSA-200511-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"name": "17501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17501"
},
{
"name": "17184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17184"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-05-002.html"
},
{
"name": "MDKSA-2005:205",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"name": "17559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17559"
},
{
"name": "146",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/146"
},
{
"name": "15318",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15318"
},
{
"name": "17448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17448"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
},
{
"name": "ADV-2005-2294",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2294"
},
{
"name": "20051104 ZDI-05-002: Clam Antivirus Remote Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-11/0041.html"
},
{
"name": "DSA-887",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-887"
},
{
"name": "17434",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17434"
},
{
"name": "1015154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause \"memory corruption\" and execute arbitrary code via a crafted FSG 1.33 file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17451"
},
{
"name": "20482",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20482"
},
{
"name": "GLSA-200511-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"name": "17501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17501"
},
{
"name": "17184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17184"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-05-002.html"
},
{
"name": "MDKSA-2005:205",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"name": "17559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17559"
},
{
"name": "146",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/146"
},
{
"name": "15318",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15318"
},
{
"name": "17448",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17448"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
},
{
"name": "ADV-2005-2294",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2294"
},
{
"name": "20051104 ZDI-05-002: Clam Antivirus Remote Code Execution",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-11/0041.html"
},
{
"name": "DSA-887",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-887"
},
{
"name": "17434",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17434"
},
{
"name": "1015154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3303",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The FSG unpacker (fsg.c) in Clam AntiVirus (ClamAV) 0.80 through 0.87 allows remote attackers to cause \"memory corruption\" and execute arbitrary code via a crafted FSG 1.33 file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17451",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17451"
},
{
"name": "20482",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20482"
},
{
"name": "GLSA-200511-04",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"name": "17501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17501"
},
{
"name": "17184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17184"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-05-002.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-05-002.html"
},
{
"name": "MDKSA-2005:205",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"name": "17559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17559"
},
{
"name": "146",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/146"
},
{
"name": "15318",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15318"
},
{
"name": "17448",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17448"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=368319",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
},
{
"name": "ADV-2005-2294",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2294"
},
{
"name": "20051104 ZDI-05-002: Clam Antivirus Remote Code Execution",
"refsource": "BUGTRAQ",
"url": "http://archives.neohapsis.com/archives/bugtraq/2005-11/0041.html"
},
{
"name": "DSA-887",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-887"
},
{
"name": "17434",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17434"
},
{
"name": "1015154",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3303",
"datePublished": "2005-11-05T11:00:00",
"dateReserved": "2005-10-25T00:00:00",
"dateUpdated": "2024-08-07T23:10:08.593Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1837
Vulnerability from cvelistv5
Published
2008-04-16 16:00
Modified
2024-08-07 08:40
Severity ?
EPSS score ?
Summary
libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "clamav-libclamunrar-dos(41870)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41870"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=898"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger \"memory problems,\" as demonstrated by the PROTOS GENOME test suite for Archive Formats."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "clamav-libclamunrar-dos(41870)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41870"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=898"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-1837",
"datePublished": "2008-04-16T16:00:00",
"dateReserved": "2008-04-16T00:00:00",
"dateUpdated": "2024-08-07T08:40:59.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1100
Vulnerability from cvelistv5
Published
2008-04-14 16:00
Modified
2024-08-07 08:08
Severity ?
EPSS score ?
Summary
Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "FEDORA-2008-3900",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "29000",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29000"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2008-11/advisory/"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29975"
},
{
"name": "29863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "28756",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28756"
},
{
"name": "29886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29886"
},
{
"name": "1019837",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019837"
},
{
"name": "FEDORA-2008-3420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "clamav-cliscanpe-bo(41789)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41789"
},
{
"name": "VU#858595",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/858595"
},
{
"name": "30253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30253"
},
{
"name": "openSUSE-SU-2015:0906",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=878"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name": "ADV-2008-1218",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1218/references"
},
{
"name": "DSA-1549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "FEDORA-2008-3900",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "29000",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29000"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2008-11/advisory/"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29975"
},
{
"name": "29863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "28756",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28756"
},
{
"name": "29886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29886"
},
{
"name": "1019837",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019837"
},
{
"name": "FEDORA-2008-3420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "clamav-cliscanpe-bo(41789)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41789"
},
{
"name": "VU#858595",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/858595"
},
{
"name": "30253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30253"
},
{
"name": "openSUSE-SU-2015:0906",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=878"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name": "ADV-2008-1218",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1218/references"
},
{
"name": "DSA-1549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2008-1100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2008:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "FEDORA-2008-3900",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "29000",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29000"
},
{
"name": "GLSA-200805-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "29891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "http://secunia.com/secunia_research/2008-11/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-11/advisory/"
},
{
"name": "28784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29975"
},
{
"name": "29863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30328"
},
{
"name": "28756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28756"
},
{
"name": "29886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29886"
},
{
"name": "1019837",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019837"
},
{
"name": "FEDORA-2008-3420",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "clamav-cliscanpe-bo(41789)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41789"
},
{
"name": "VU#858595",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/858595"
},
{
"name": "30253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30253"
},
{
"name": "openSUSE-SU-2015:0906",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=878",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=878"
},
{
"name": "SUSE-SA:2008:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name": "ADV-2008-1218",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1218/references"
},
{
"name": "DSA-1549",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-20.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2008-1100",
"datePublished": "2008-04-14T16:00:00",
"dateReserved": "2008-02-29T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3500
Vulnerability from cvelistv5
Published
2005-11-05 11:00
Modified
2024-08-07 23:17
Severity ?
EPSS score ?
Summary
The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:22.643Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "17451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17451"
},
{
"name": "GLSA-200511-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"name": "152",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/152"
},
{
"name": "17501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17501"
},
{
"name": "17184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17184"
},
{
"name": "20483",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/20483"
},
{
"name": "MDKSA-2005:205",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"name": "17559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17559"
},
{
"name": "20051104 Clam AntiVirus tnef_attachment() DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://www.idefense.com/application/poi/display?id=333\u0026type=vulnerabilities"
},
{
"name": "15316",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15316"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
},
{
"name": "ADV-2005-2294",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/2294"
},
{
"name": "DSA-887",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-887"
},
{
"name": "17434",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17434"
},
{
"name": "1015154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-12-20T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "17451",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17451"
},
{
"name": "GLSA-200511-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"name": "152",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/152"
},
{
"name": "17501",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17501"
},
{
"name": "17184",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17184"
},
{
"name": "20483",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/20483"
},
{
"name": "MDKSA-2005:205",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"name": "17559",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17559"
},
{
"name": "20051104 Clam AntiVirus tnef_attachment() DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://www.idefense.com/application/poi/display?id=333\u0026type=vulnerabilities"
},
{
"name": "15316",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15316"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
},
{
"name": "ADV-2005-2294",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/2294"
},
{
"name": "DSA-887",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-887"
},
{
"name": "17434",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17434"
},
{
"name": "1015154",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3500",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "17451",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17451"
},
{
"name": "GLSA-200511-04",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"name": "152",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/152"
},
{
"name": "17501",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17501"
},
{
"name": "17184",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17184"
},
{
"name": "20483",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/20483"
},
{
"name": "MDKSA-2005:205",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"name": "17559",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17559"
},
{
"name": "20051104 Clam AntiVirus tnef_attachment() DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://www.idefense.com/application/poi/display?id=333\u0026type=vulnerabilities"
},
{
"name": "15316",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15316"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=368319",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
},
{
"name": "ADV-2005-2294",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/2294"
},
{
"name": "DSA-887",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-887"
},
{
"name": "17434",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17434"
},
{
"name": "1015154",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3500",
"datePublished": "2005-11-05T11:00:00",
"dateReserved": "2005-11-05T00:00:00",
"dateUpdated": "2024-08-07T23:17:22.643Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1387
Vulnerability from cvelistv5
Published
2008-04-16 16:00
Modified
2024-08-07 08:17
Severity ?
EPSS score ?
Summary
ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "clamav-arj-unspecified-dos(41822)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41822"
},
{
"name": "FEDORA-2008-3900",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "20080415 clamav: Endless loop / hang with crafter arj, CVE-2008-1387",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490863/100/0/threaded"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.clamav.net/bugzilla/show_bug.cgi?id=897"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://int21.de/cve/CVE-2008-1387-clamav.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29975"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
},
{
"name": "29863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "FEDORA-2008-3420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "28782",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28782"
},
{
"name": "30253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30253"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "clamav-arj-unspecified-dos(41822)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41822"
},
{
"name": "FEDORA-2008-3900",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "20080415 clamav: Endless loop / hang with crafter arj, CVE-2008-1387",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490863/100/0/threaded"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.clamav.net/bugzilla/show_bug.cgi?id=897"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://int21.de/cve/CVE-2008-1387-clamav.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29975"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
},
{
"name": "29863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "FEDORA-2008-3420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "28782",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28782"
},
{
"name": "30253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30253"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2008:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "clamav-arj-unspecified-dos(41822)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41822"
},
{
"name": "FEDORA-2008-3900",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "20080415 clamav: Endless loop / hang with crafter arj, CVE-2008-1387",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490863/100/0/threaded"
},
{
"name": "GLSA-200805-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "https://www.clamav.net/bugzilla/show_bug.cgi?id=897",
"refsource": "CONFIRM",
"url": "https://www.clamav.net/bugzilla/show_bug.cgi?id=897"
},
{
"name": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html",
"refsource": "CONFIRM",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "http://int21.de/cve/CVE-2008-1387-clamav.html",
"refsource": "MISC",
"url": "http://int21.de/cve/CVE-2008-1387-clamav.html"
},
{
"name": "29891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29975"
},
{
"name": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html",
"refsource": "MISC",
"url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
},
{
"name": "29863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30328"
},
{
"name": "FEDORA-2008-3420",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "28782",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28782"
},
{
"name": "30253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30253"
},
{
"name": "31576",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/",
"refsource": "MISC",
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/"
},
{
"name": "SUSE-SA:2008:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-20.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1387",
"datePublished": "2008-04-16T16:00:00",
"dateReserved": "2008-03-18T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-6029
Vulnerability from cvelistv5
Published
2007-11-20 02:00
Modified
2024-09-16 16:33
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
References
| ▼ | URL | Tags |
|---|---|---|
| http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000069 | x_refsource_MISC | |
| http://wabisabilabi.blogspot.com/2007/11/focus-on-clamav-remote-code-execution.html | x_refsource_MISC | |
| http://www.securityfocus.com/bid/26463 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:26.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000069"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wabisabilabi.blogspot.com/2007/11/focus-on-clamav-remote-code-execution.html"
},
{
"name": "26463",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-20T02:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000069"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wabisabilabi.blogspot.com/2007/11/focus-on-clamav-remote-code-execution.html"
},
{
"name": "26463",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26463"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000069",
"refsource": "MISC",
"url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000069"
},
{
"name": "http://wabisabilabi.blogspot.com/2007/11/focus-on-clamav-remote-code-execution.html",
"refsource": "MISC",
"url": "http://wabisabilabi.blogspot.com/2007/11/focus-on-clamav-remote-code-execution.html"
},
{
"name": "26463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26463"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6029",
"datePublished": "2007-11-20T02:00:00Z",
"dateReserved": "2007-11-19T00:00:00Z",
"dateUpdated": "2024-09-16T16:33:53.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-1614
Vulnerability from cvelistv5
Published
2006-04-06 22:00
Modified
2024-08-07 17:19
Severity ?
EPSS score ?
Summary
Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T17:19:48.729Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "19567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19567"
},
{
"name": "17951",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17951"
},
{
"name": "ADV-2006-1258",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1258"
},
{
"name": "ADV-2006-1779",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name": "TA06-132A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=407078\u0026group_id=86638"
},
{
"name": "clamav-pe-overflow(25660)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25660"
},
{
"name": "24457",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/24457"
},
{
"name": "1015887",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015887"
},
{
"name": "19570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19570"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://up2date.astaro.com/2006/05/low_up2date_6202.html"
},
{
"name": "GLSA-200604-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml"
},
{
"name": "19608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19608"
},
{
"name": "19534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19534"
},
{
"name": "19564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19564"
},
{
"name": "19536",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/19536"
},
{
"name": "APPLE-SA-2006-05-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name": "SUSE-SA:2006:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html"
},
{
"name": "MDKSA-2006:067",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:067"
},
{
"name": "17388",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/17388"
},
{
"name": "DSA-1024",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1024"
},
{
"name": "23719",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23719"
},
{
"name": "20077",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/20077"
},
{
"name": "2006-0020",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0020"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.overflow.pl/adv/clamavupxinteger.txt"
},
{
"name": "20060406 [Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow (not default configuration)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/430405/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-04-05T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-18T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "19567",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19567"
},
{
"name": "17951",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17951"
},
{
"name": "ADV-2006-1258",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1258"
},
{
"name": "ADV-2006-1779",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name": "TA06-132A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=407078\u0026group_id=86638"
},
{
"name": "clamav-pe-overflow(25660)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25660"
},
{
"name": "24457",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/24457"
},
{
"name": "1015887",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015887"
},
{
"name": "19570",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19570"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://up2date.astaro.com/2006/05/low_up2date_6202.html"
},
{
"name": "GLSA-200604-06",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml"
},
{
"name": "19608",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19608"
},
{
"name": "19534",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19534"
},
{
"name": "19564",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19564"
},
{
"name": "19536",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/19536"
},
{
"name": "APPLE-SA-2006-05-11",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name": "SUSE-SA:2006:020",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html"
},
{
"name": "MDKSA-2006:067",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:067"
},
{
"name": "17388",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/17388"
},
{
"name": "DSA-1024",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1024"
},
{
"name": "23719",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23719"
},
{
"name": "20077",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/20077"
},
{
"name": "2006-0020",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0020"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.overflow.pl/adv/clamavupxinteger.txt"
},
{
"name": "20060406 [Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow (not default configuration)",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/430405/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-1614",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the cli_scanpe function in the PE header parser (libclamav/pe.c) in Clam AntiVirus (ClamAV) before 0.88.1, when ArchiveMaxFileSize is disabled, allows remote attackers to cause a denial of service and possibly execute arbitrary code."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "19567",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19567"
},
{
"name": "17951",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17951"
},
{
"name": "ADV-2006-1258",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1258"
},
{
"name": "ADV-2006-1779",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/1779"
},
{
"name": "TA06-132A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-132A.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=407078\u0026group_id=86638",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=407078\u0026group_id=86638"
},
{
"name": "clamav-pe-overflow(25660)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/25660"
},
{
"name": "24457",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/24457"
},
{
"name": "1015887",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015887"
},
{
"name": "19570",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19570"
},
{
"name": "http://up2date.astaro.com/2006/05/low_up2date_6202.html",
"refsource": "CONFIRM",
"url": "http://up2date.astaro.com/2006/05/low_up2date_6202.html"
},
{
"name": "GLSA-200604-06",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200604-06.xml"
},
{
"name": "19608",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19608"
},
{
"name": "19534",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19534"
},
{
"name": "19564",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19564"
},
{
"name": "19536",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/19536"
},
{
"name": "APPLE-SA-2006-05-11",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/May/msg00003.html"
},
{
"name": "SUSE-SA:2006:020",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2006-Apr/0002.html"
},
{
"name": "MDKSA-2006:067",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:067"
},
{
"name": "17388",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/17388"
},
{
"name": "DSA-1024",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1024"
},
{
"name": "23719",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23719"
},
{
"name": "20077",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/20077"
},
{
"name": "2006-0020",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0020"
},
{
"name": "http://www.overflow.pl/adv/clamavupxinteger.txt",
"refsource": "MISC",
"url": "http://www.overflow.pl/adv/clamavupxinteger.txt"
},
{
"name": "20060406 [Overflow.pl] Clam AntiVirus Win32-UPX Heap Overflow (not default configuration)",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/430405/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-1614",
"datePublished": "2006-04-06T22:00:00",
"dateReserved": "2006-04-05T00:00:00",
"dateUpdated": "2024-08-07T17:19:48.729Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-4182
Vulnerability from cvelistv5
Published
2006-10-16 23:00
Modified
2024-08-07 18:57
Severity ?
EPSS score ?
Summary
Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T18:57:46.415Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "ADV-2006-4034",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4034"
},
{
"name": "22488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22488"
},
{
"name": "22370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22370"
},
{
"name": "VU#180864",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/180864"
},
{
"name": "SUSE-SA:2006:060",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_60_clamav.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "MDKSA-2006:184",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:184"
},
{
"name": "22626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22626"
},
{
"name": "ADV-2006-4136",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4136"
},
{
"name": "22421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22421"
},
{
"name": "20061016 Clam AntiVirus ClamAV rebuildpe Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=422"
},
{
"name": "ADV-2006-4264",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4264"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23155"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-13.txt"
},
{
"name": "20535",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20535"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "GLSA-200610-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200610-10.xml"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name": "1017068",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017068"
},
{
"name": "DSA-1196",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1196"
},
{
"name": "clamav-rebuildpe-bo(29607)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29607"
},
{
"name": "22551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22551"
},
{
"name": "22537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22537"
},
{
"name": "22498",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22498"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-4750",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "ADV-2006-4034",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4034"
},
{
"name": "22488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22488"
},
{
"name": "22370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22370"
},
{
"name": "VU#180864",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/180864"
},
{
"name": "SUSE-SA:2006:060",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_60_clamav.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "MDKSA-2006:184",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:184"
},
{
"name": "22626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22626"
},
{
"name": "ADV-2006-4136",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4136"
},
{
"name": "22421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22421"
},
{
"name": "20061016 Clam AntiVirus ClamAV rebuildpe Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=422"
},
{
"name": "ADV-2006-4264",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4264"
},
{
"name": "23155",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23155"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-13.txt"
},
{
"name": "20535",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20535"
},
{
"name": "APPLE-SA-2006-11-28",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "GLSA-200610-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200610-10.xml"
},
{
"name": "TA06-333A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name": "1017068",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017068"
},
{
"name": "DSA-1196",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1196"
},
{
"name": "clamav-rebuildpe-bo(29607)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29607"
},
{
"name": "22551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22551"
},
{
"name": "22537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22537"
},
{
"name": "22498",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22498"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-4182",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in ClamAV 0.88.1 and 0.88.4, and other versions before 0.88.5, allows remote attackers to cause a denial of service (scanning service crash) and execute arbitrary code via a crafted Portable Executable (PE) file that leads to a heap-based buffer overflow when less memory is allocated than expected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4750",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4750"
},
{
"name": "ADV-2006-4034",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4034"
},
{
"name": "22488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22488"
},
{
"name": "22370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22370"
},
{
"name": "VU#180864",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/180864"
},
{
"name": "SUSE-SA:2006:060",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_60_clamav.html"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=304829",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=304829"
},
{
"name": "MDKSA-2006:184",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:184"
},
{
"name": "22626",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22626"
},
{
"name": "ADV-2006-4136",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4136"
},
{
"name": "22421",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22421"
},
{
"name": "20061016 Clam AntiVirus ClamAV rebuildpe Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=422"
},
{
"name": "ADV-2006-4264",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4264"
},
{
"name": "23155",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23155"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-13.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-13.txt"
},
{
"name": "20535",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20535"
},
{
"name": "APPLE-SA-2006-11-28",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2006/Nov/msg00001.html"
},
{
"name": "GLSA-200610-10",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200610-10.xml"
},
{
"name": "TA06-333A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA06-333A.html"
},
{
"name": "1017068",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017068"
},
{
"name": "DSA-1196",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1196"
},
{
"name": "clamav-rebuildpe-bo(29607)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29607"
},
{
"name": "22551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22551"
},
{
"name": "22537",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22537"
},
{
"name": "22498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22498"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-4182",
"datePublished": "2006-10-16T23:00:00",
"dateReserved": "2006-08-16T00:00:00",
"dateUpdated": "2024-08-07T18:57:46.415Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1711
Vulnerability from cvelistv5
Published
2005-05-24 04:00
Modified
2024-09-16 17:33
Severity ?
EPSS score ?
Summary
Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected.
References
| ▼ | URL | Tags |
|---|---|---|
| http://securitytracker.com/id?1014030 | vdb-entry, x_refsource_SECTRACK |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:59:24.199Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "1014030",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1014030"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-05-24T04:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "1014030",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1014030"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1711",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to 0.81 for Squid, uses a defunct ClamAV method to scan memory for viruses, which does not return an error code and prevents viruses from being detected."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "1014030",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1014030"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1711",
"datePublished": "2005-05-24T04:00:00Z",
"dateReserved": "2005-05-24T00:00:00Z",
"dateUpdated": "2024-09-16T17:33:14.334Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-1800
Vulnerability from cvelistv5
Published
2005-06-01 04:00
Modified
2024-08-07 22:06
Severity ?
EPSS score ?
Summary
Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php.
References
| ▼ | URL | Tags |
|---|---|---|
| http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/034354.html | mailing-list, x_refsource_FULLDISC | |
| http://www.securityfocus.com/bid/13796 | vdb-entry, x_refsource_BID |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:06:56.918Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20050529 XSS Bug in Jaws Glossary Action: ViewTerm ( v 0.4 - 0.5.1 (latest version))",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/034354.html"
},
{
"name": "13796",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/13796"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-05-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-08-16T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20050529 XSS Bug in Jaws Glossary Action: ViewTerm ( v 0.4 - 0.5.1 (latest version))",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/034354.html"
},
{
"name": "13796",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/13796"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-1800",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 to 0.5.1 allows remote attackers to inject arbitrary web script or HTML via the term parameter in a view or ViewTerm action to index.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20050529 XSS Bug in Jaws Glossary Action: ViewTerm ( v 0.4 - 0.5.1 (latest version))",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2005-May/034354.html"
},
{
"name": "13796",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/13796"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-1800",
"datePublished": "2005-06-01T04:00:00",
"dateReserved": "2005-06-01T00:00:00",
"dateUpdated": "2024-08-07T22:06:56.918Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-0133
Vulnerability from cvelistv5
Published
2005-02-06 05:00
Modified
2024-08-07 21:05
Severity ?
EPSS score ?
Summary
ClamAV 0.80 and earlier allows remote attackers to cause a denial of service (clamd daemon crash) via a ZIP file with malformed headers.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.trustix.org/errata/2005/0003/ | vendor-advisory, x_refsource_TRUSTIX | |
| http://sourceforge.net/project/shownotes.php?release_id=300116 | x_refsource_CONFIRM | |
| http://www.gentoo.org/security/en/glsa/glsa-200501-46.xml | vendor-advisory, x_refsource_GENTOO | |
| http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000928 | vendor-advisory, x_refsource_CONECTIVA | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2005:025 | vendor-advisory, x_refsource_MANDRAKE |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:05:24.496Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=300116"
},
{
"name": "GLSA-200501-46",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-46.xml"
},
{
"name": "CLA-2005:928",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA",
"x_transferred"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000928"
},
{
"name": "MDKSA-2005:025",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:025"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-01-31T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ClamAV 0.80 and earlier allows remote attackers to cause a denial of service (clamd daemon crash) via a ZIP file with malformed headers."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-02-15T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "2005-0003",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=300116"
},
{
"name": "GLSA-200501-46",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-46.xml"
},
{
"name": "CLA-2005:928",
"tags": [
"vendor-advisory",
"x_refsource_CONECTIVA"
],
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000928"
},
{
"name": "MDKSA-2005:025",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:025"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0133",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ClamAV 0.80 and earlier allows remote attackers to cause a denial of service (clamd daemon crash) via a ZIP file with malformed headers."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "2005-0003",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2005/0003/"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=300116",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=300116"
},
{
"name": "GLSA-200501-46",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200501-46.xml"
},
{
"name": "CLA-2005:928",
"refsource": "CONECTIVA",
"url": "http://distro.conectiva.com.br/atualizacoes/?id=a\u0026anuncio=000928"
},
{
"name": "MDKSA-2005:025",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:025"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0133",
"datePublished": "2005-02-06T05:00:00",
"dateReserved": "2005-01-21T00:00:00",
"dateUpdated": "2024-08-07T21:05:24.496Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1835
Vulnerability from cvelistv5
Published
2008-04-16 16:00
Modified
2024-08-07 08:40
Severity ?
EPSS score ?
Summary
ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=541"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "clamav-rar-weak-security(41874)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41874"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=541"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "clamav-rar-weak-security(41874)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41874"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-1835",
"datePublished": "2008-04-16T16:00:00",
"dateReserved": "2008-04-16T00:00:00",
"dateUpdated": "2024-08-07T08:40:59.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3024
Vulnerability from cvelistv5
Published
2007-06-07 22:00
Modified
2024-08-07 13:57
Severity ?
EPSS score ?
Summary
libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.
References
| ▼ | URL | Tags |
|---|---|---|
| http://secunia.com/advisories/25796 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.novell.com/linux/security/advisories/2007_33_clamav.html | vendor-advisory, x_refsource_SUSE | |
| http://secunia.com/advisories/25525 | third-party-advisory, x_refsource_SECUNIA | |
| http://secunia.com/advisories/25523 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2007/dsa-1320 | vendor-advisory, x_refsource_DEBIAN | |
| http://kolab.org/security/kolab-vendor-notice-15.txt | x_refsource_CONFIRM | |
| http://secunia.com/advisories/25688 | third-party-advisory, x_refsource_SECUNIA | |
| http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html | mailing-list, x_refsource_MLIST | |
| https://wwws.clamav.net/bugzilla/show_bug.cgi?id=517 | x_refsource_CONFIRM | |
| http://www.securityfocus.com/bid/24358 | vdb-entry, x_refsource_BID | |
| http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog | x_refsource_CONFIRM | |
| http://security.gentoo.org/glsa/glsa-200706-05.xml | vendor-advisory, x_refsource_GENTOO |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:55.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25796"
},
{
"name": "SUSE-SA:2007:033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25525"
},
{
"name": "25523",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25688"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=517"
},
{
"name": "24358",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24358"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-06-22T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25796"
},
{
"name": "SUSE-SA:2007:033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25525"
},
{
"name": "25523",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25688"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=517"
},
{
"name": "24358",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24358"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25796"
},
{
"name": "SUSE-SA:2007:033",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25525"
},
{
"name": "25523",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-15.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25688"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"refsource": "MLIST",
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=517",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=517"
},
{
"name": "24358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24358"
},
{
"name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3024",
"datePublished": "2007-06-07T22:00:00",
"dateReserved": "2007-06-04T00:00:00",
"dateUpdated": "2024-08-07T13:57:55.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-3123
Vulnerability from cvelistv5
Published
2007-06-07 21:00
Modified
2024-08-07 14:05
Severity ?
EPSS score ?
Summary
unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25796"
},
{
"name": "24289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24289"
},
{
"name": "35522",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35522"
},
{
"name": "SUSE-SA:2007:033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25525"
},
{
"name": "25523",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=521"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25688"
},
{
"name": "clamav-rar-dos(34778)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34778"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25796"
},
{
"name": "24289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24289"
},
{
"name": "35522",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35522"
},
{
"name": "SUSE-SA:2007:033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25525"
},
{
"name": "25523",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=521"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25688"
},
{
"name": "clamav-rar-dos(34778)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34778"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25796"
},
{
"name": "24289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24289"
},
{
"name": "35522",
"refsource": "OSVDB",
"url": "http://osvdb.org/35522"
},
{
"name": "SUSE-SA:2007:033",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25525"
},
{
"name": "25523",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=521",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=521"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-15.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25688"
},
{
"name": "clamav-rar-dos(34778)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34778"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"refsource": "MLIST",
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3123",
"datePublished": "2007-06-07T21:00:00",
"dateReserved": "2007-06-07T00:00:00",
"dateUpdated": "2024-08-07T14:05:29.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2004-1909
Vulnerability from cvelistv5
Published
2005-05-10 04:00
Modified
2024-08-08 01:07
Severity ?
EPSS score ?
Summary
Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm.
References
| ▼ | URL | Tags |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/15553 | vdb-entry, x_refsource_XF | |
| http://www.securityfocus.com/bid/9897 | vdb-entry, x_refsource_BID | |
| http://freshmeat.net/projects/clamav/?branch_id=29355&release_id=154462 | x_refsource_CONFIRM | |
| http://security.gentoo.org/glsa/glsa-200404-07.xml | vendor-advisory, x_refsource_GENTOO | |
| http://secunia.com/advisories/11177 | third-party-advisory, x_refsource_SECUNIA |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-08T01:07:48.955Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "clam-antivirus-rar-dos(15553)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15553"
},
{
"name": "9897",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/9897"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://freshmeat.net/projects/clamav/?branch_id=29355\u0026release_id=154462"
},
{
"name": "GLSA-200404-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200404-07.xml"
},
{
"name": "11177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/11177"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2004-04-07T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "clam-antivirus-rar-dos(15553)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15553"
},
{
"name": "9897",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/9897"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://freshmeat.net/projects/clamav/?branch_id=29355\u0026release_id=154462"
},
{
"name": "GLSA-200404-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200404-07.xml"
},
{
"name": "11177",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/11177"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2004-1909",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to cause a denial of service (crash) via certain RAR archives, such as those generated by the Beagle/Bagle worm."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "clam-antivirus-rar-dos(15553)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15553"
},
{
"name": "9897",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/9897"
},
{
"name": "http://freshmeat.net/projects/clamav/?branch_id=29355\u0026release_id=154462",
"refsource": "CONFIRM",
"url": "http://freshmeat.net/projects/clamav/?branch_id=29355\u0026release_id=154462"
},
{
"name": "GLSA-200404-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200404-07.xml"
},
{
"name": "11177",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/11177"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2004-1909",
"datePublished": "2005-05-10T04:00:00",
"dateReserved": "2005-05-04T00:00:00",
"dateUpdated": "2024-08-08T01:07:48.955Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-3215
Vulnerability from cvelistv5
Published
2008-07-18 16:00
Modified
2024-08-07 09:28
Severity ?
EPSS score ?
Summary
libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000#c4"
},
{
"name": "31437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31437"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "[oss-security] 20080715 Re: CVE id request: Clamav",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/1"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "clamav-petitec-dos(44200)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44200"
},
{
"name": "SUSE-SR:2008:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel\u0026path=/branches/0.93/libclamav/petite.c\u0026rev=3920"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "31091",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31091"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lurker.clamav.net/message/20080707.155612.ad411b00.en.html"
},
{
"name": "GLSA-200808-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"name": "MDVSA-2008:166",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:166"
},
{
"name": "FEDORA-2008-6422",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html"
},
{
"name": "FEDORA-2008-6338",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00606.html"
},
{
"name": "[oss-security] 20080708 Re: CVE id request: Clamav",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000#c4"
},
{
"name": "31437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31437"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "[oss-security] 20080715 Re: CVE id request: Clamav",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/1"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "clamav-petitec-dos(44200)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44200"
},
{
"name": "SUSE-SR:2008:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel\u0026path=/branches/0.93/libclamav/petite.c\u0026rev=3920"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "31091",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31091"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lurker.clamav.net/message/20080707.155612.ad411b00.en.html"
},
{
"name": "GLSA-200808-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"name": "MDVSA-2008:166",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:166"
},
{
"name": "FEDORA-2008-6422",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html"
},
{
"name": "FEDORA-2008-6338",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00606.html"
},
{
"name": "[oss-security] 20080708 Re: CVE id request: Clamav",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000#c4",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000#c4"
},
{
"name": "31437",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31437"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "[oss-security] 20080715 Re: CVE id request: Clamav",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/1"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "clamav-petitec-dos(44200)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44200"
},
{
"name": "SUSE-SR:2008:015",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel\u0026path=/branches/0.93/libclamav/petite.c\u0026rev=3920",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel\u0026path=/branches/0.93/libclamav/petite.c\u0026rev=3920"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
},
{
"name": "31091",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31091"
},
{
"name": "http://lurker.clamav.net/message/20080707.155612.ad411b00.en.html",
"refsource": "CONFIRM",
"url": "http://lurker.clamav.net/message/20080707.155612.ad411b00.en.html"
},
{
"name": "GLSA-200808-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"name": "MDVSA-2008:166",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:166"
},
{
"name": "FEDORA-2008-6422",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html"
},
{
"name": "FEDORA-2008-6338",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00606.html"
},
{
"name": "[oss-security] 20080708 Re: CVE id request: Clamav",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3215",
"datePublished": "2008-07-18T16:00:00",
"dateReserved": "2008-07-18T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-6481
Vulnerability from cvelistv5
Published
2006-12-12 01:00
Modified
2024-08-07 20:26
Severity ?
EPSS score ?
Summary
Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T20:26:46.519Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31283",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/31283"
},
{
"name": "21609",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/21609"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-14.txt"
},
{
"name": "23460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23460"
},
{
"name": "23347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23347"
},
{
"name": "23404",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23404"
},
{
"name": "ADV-2006-4948",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4948"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "DSA-1238",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1238"
},
{
"name": "23417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23417"
},
{
"name": "GLSA-200612-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-18.xml"
},
{
"name": "2006-0072",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0072/"
},
{
"name": "SUSE-SA:2006:078",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_78_clamav.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "23379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23379"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.quantenblog.net/security/virus-scanner-bypass"
},
{
"name": "MDKSA-2006:230",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:230"
},
{
"name": "ADV-2006-5113",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/5113"
},
{
"name": "23411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23411"
},
{
"name": "23362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/23362"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-12-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-12-16T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31283",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/31283"
},
{
"name": "21609",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/21609"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-14.txt"
},
{
"name": "23460",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23460"
},
{
"name": "23347",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23347"
},
{
"name": "23404",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23404"
},
{
"name": "ADV-2006-4948",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4948"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "DSA-1238",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1238"
},
{
"name": "23417",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23417"
},
{
"name": "GLSA-200612-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200612-18.xml"
},
{
"name": "2006-0072",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0072/"
},
{
"name": "SUSE-SA:2006:078",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_78_clamav.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "23379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23379"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.quantenblog.net/security/virus-scanner-bypass"
},
{
"name": "MDKSA-2006:230",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:230"
},
{
"name": "ADV-2006-5113",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/5113"
},
{
"name": "23411",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23411"
},
{
"name": "23362",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/23362"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-6481",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Clam AntiVirus (ClamAV) 0.88.6 allows remote attackers to cause a denial of service (stack overflow and application crash) by wrapping many layers of multipart/mixed content around a document, a different vulnerability than CVE-2006-5874 and CVE-2006-6406."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31283",
"refsource": "OSVDB",
"url": "http://osvdb.org/31283"
},
{
"name": "21609",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/21609"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-14.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-14.txt"
},
{
"name": "23460",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23460"
},
{
"name": "23347",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23347"
},
{
"name": "23404",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23404"
},
{
"name": "ADV-2006-4948",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4948"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "DSA-1238",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1238"
},
{
"name": "23417",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23417"
},
{
"name": "GLSA-200612-18",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200612-18.xml"
},
{
"name": "2006-0072",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0072/"
},
{
"name": "SUSE-SA:2006:078",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_78_clamav.html"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "23379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23379"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "http://www.quantenblog.net/security/virus-scanner-bypass",
"refsource": "MISC",
"url": "http://www.quantenblog.net/security/virus-scanner-bypass"
},
{
"name": "MDKSA-2006:230",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:230"
},
{
"name": "ADV-2006-5113",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/5113"
},
{
"name": "23411",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23411"
},
{
"name": "23362",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/23362"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-6481",
"datePublished": "2006-12-12T01:00:00",
"dateReserved": "2006-12-11T00:00:00",
"dateUpdated": "2024-08-07T20:26:46.519Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-5295
Vulnerability from cvelistv5
Published
2006-10-16 23:00
Modified
2024-08-07 19:48
Severity ?
EPSS score ?
Summary
Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to "read an invalid memory location."
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T19:48:28.537Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2006-4034",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4034"
},
{
"name": "22488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22488"
},
{
"name": "22370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22370"
},
{
"name": "SUSE-SA:2006:060",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2006_60_clamav.html"
},
{
"name": "20061016 Clam AntiVirus ClamAV CHM Chunk Name Length DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=423"
},
{
"name": "20537",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/20537"
},
{
"name": "MDKSA-2006:184",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:184"
},
{
"name": "22626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22626"
},
{
"name": "ADV-2006-4136",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4136"
},
{
"name": "clamav-chm-dos(29608)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29608"
},
{
"name": "22421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22421"
},
{
"name": "ADV-2006-4264",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/4264"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-13.txt"
},
{
"name": "GLSA-200610-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200610-10.xml"
},
{
"name": "1017068",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1017068"
},
{
"name": "DSA-1196",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-1196"
},
{
"name": "22551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22551"
},
{
"name": "22537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22537"
},
{
"name": "22498",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/22498"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-10-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to \"read an invalid memory location.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2006-4034",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4034"
},
{
"name": "22488",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22488"
},
{
"name": "22370",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22370"
},
{
"name": "SUSE-SA:2006:060",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2006_60_clamav.html"
},
{
"name": "20061016 Clam AntiVirus ClamAV CHM Chunk Name Length DoS Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=423"
},
{
"name": "20537",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/20537"
},
{
"name": "MDKSA-2006:184",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:184"
},
{
"name": "22626",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22626"
},
{
"name": "ADV-2006-4136",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4136"
},
{
"name": "clamav-chm-dos(29608)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29608"
},
{
"name": "22421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22421"
},
{
"name": "ADV-2006-4264",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/4264"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-13.txt"
},
{
"name": "GLSA-200610-10",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200610-10.xml"
},
{
"name": "1017068",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1017068"
},
{
"name": "DSA-1196",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-1196"
},
{
"name": "22551",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22551"
},
{
"name": "22537",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22537"
},
{
"name": "22498",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/22498"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-5295",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in ClamAV before 0.88.5 allows remote attackers to cause a denial of service (scanning service crash) via a crafted Compressed HTML Help (CHM) file that causes ClamAV to \"read an invalid memory location.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2006-4034",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4034"
},
{
"name": "22488",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22488"
},
{
"name": "22370",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22370"
},
{
"name": "SUSE-SA:2006:060",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2006_60_clamav.html"
},
{
"name": "20061016 Clam AntiVirus ClamAV CHM Chunk Name Length DoS Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=423"
},
{
"name": "20537",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/20537"
},
{
"name": "MDKSA-2006:184",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:184"
},
{
"name": "22626",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22626"
},
{
"name": "ADV-2006-4136",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4136"
},
{
"name": "clamav-chm-dos(29608)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/29608"
},
{
"name": "22421",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22421"
},
{
"name": "ADV-2006-4264",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/4264"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-13.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-13.txt"
},
{
"name": "GLSA-200610-10",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200610-10.xml"
},
{
"name": "1017068",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1017068"
},
{
"name": "DSA-1196",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-1196"
},
{
"name": "22551",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22551"
},
{
"name": "22537",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22537"
},
{
"name": "22498",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/22498"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-5295",
"datePublished": "2006-10-16T23:00:00",
"dateReserved": "2006-10-16T00:00:00",
"dateUpdated": "2024-08-07T19:48:28.537Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2008-1836
Vulnerability from cvelistv5
Published
2008-04-16 16:00
Modified
2024-08-07 08:40
Severity ?
EPSS score ?
Summary
The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:58.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=881"
},
{
"name": "FEDORA-2008-3900",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "clamav-rfc2231-dos(41868)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41868"
},
{
"name": "30253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30253"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=881"
},
{
"name": "FEDORA-2008-3900",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "clamav-rfc2231-dos(41868)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41868"
},
{
"name": "30253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30253"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-1836",
"datePublished": "2008-04-16T16:00:00",
"dateReserved": "2008-04-16T00:00:00",
"dateUpdated": "2024-08-07T08:40:58.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-3587
Vulnerability from cvelistv5
Published
2005-11-16 07:37
Modified
2024-08-07 23:17
Severity ?
EPSS score ?
Summary
Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml | vendor-advisory, x_refsource_GENTOO | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2005:205 | vendor-advisory, x_refsource_MANDRIVA | |
| http://sourceforge.net/project/shownotes.php?release_id=368319 | x_refsource_CONFIRM |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:17:23.419Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200511-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"name": "MDKSA-2005:205",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-11-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-02-13T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200511-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"name": "MDKSA-2005:205",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3587",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Improper boundary checks in petite.c in Clam AntiVirus (ClamAV) before 0.87.1 allows attackers to perform unknown attacks via unknown vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200511-04",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200511-04.xml"
},
{
"name": "MDKSA-2005:205",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:205"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=368319",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=368319"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3587",
"datePublished": "2005-11-16T07:37:00",
"dateReserved": "2005-11-16T00:00:00",
"dateUpdated": "2024-08-07T23:17:23.419Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2006-0162
Vulnerability from cvelistv5
Published
2006-01-10 19:00
Modified
2024-08-07 16:25
Severity ?
EPSS score ?
Summary
Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:25:34.032Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "342",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/342"
},
{
"name": "GLSA-200601-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-07.xml"
},
{
"name": "18478",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18478"
},
{
"name": "18379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18379"
},
{
"name": "ADV-2006-0116",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2006/0116"
},
{
"name": "16191",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/16191"
},
{
"name": "18453",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18453"
},
{
"name": "2006-0002",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2006/0002/"
},
{
"name": "1015457",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015457"
},
{
"name": "18463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18463"
},
{
"name": "clamav-libclamav-upx-bo(24047)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24047"
},
{
"name": "22318",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/22318"
},
{
"name": "DSA-947",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2006/dsa-947"
},
{
"name": "20060112 ZDI-06-001: Clam AntiVirus UPX Unpacking Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041325.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.clamav.net/doc/0.88/ChangeLog"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-001.html"
},
{
"name": "18548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/18548"
},
{
"name": "MDKSA-2006:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:016"
},
{
"name": "VU#385908",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/385908"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2006-01-09T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-19T15:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "342",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/342"
},
{
"name": "GLSA-200601-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-07.xml"
},
{
"name": "18478",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18478"
},
{
"name": "18379",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18379"
},
{
"name": "ADV-2006-0116",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2006/0116"
},
{
"name": "16191",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/16191"
},
{
"name": "18453",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18453"
},
{
"name": "2006-0002",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2006/0002/"
},
{
"name": "1015457",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015457"
},
{
"name": "18463",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18463"
},
{
"name": "clamav-libclamav-upx-bo(24047)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24047"
},
{
"name": "22318",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/22318"
},
{
"name": "DSA-947",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2006/dsa-947"
},
{
"name": "20060112 ZDI-06-001: Clam AntiVirus UPX Unpacking Code Execution Vulnerability",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041325.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.clamav.net/doc/0.88/ChangeLog"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-001.html"
},
{
"name": "18548",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/18548"
},
{
"name": "MDKSA-2006:016",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:016"
},
{
"name": "VU#385908",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/385908"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2006-0162",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in libclamav/upx.c in Clam Antivirus (ClamAV) before 0.88 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted UPX files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "342",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/342"
},
{
"name": "GLSA-200601-07",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200601-07.xml"
},
{
"name": "18478",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18478"
},
{
"name": "18379",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18379"
},
{
"name": "ADV-2006-0116",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2006/0116"
},
{
"name": "16191",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/16191"
},
{
"name": "18453",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18453"
},
{
"name": "2006-0002",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2006/0002/"
},
{
"name": "1015457",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015457"
},
{
"name": "18463",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18463"
},
{
"name": "clamav-libclamav-upx-bo(24047)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/24047"
},
{
"name": "22318",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/22318"
},
{
"name": "DSA-947",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2006/dsa-947"
},
{
"name": "20060112 ZDI-06-001: Clam AntiVirus UPX Unpacking Code Execution Vulnerability",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2006-January/041325.html"
},
{
"name": "http://www.clamav.net/doc/0.88/ChangeLog",
"refsource": "CONFIRM",
"url": "http://www.clamav.net/doc/0.88/ChangeLog"
},
{
"name": "http://www.zerodayinitiative.com/advisories/ZDI-06-001.html",
"refsource": "MISC",
"url": "http://www.zerodayinitiative.com/advisories/ZDI-06-001.html"
},
{
"name": "18548",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/18548"
},
{
"name": "MDKSA-2006:016",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2006:016"
},
{
"name": "VU#385908",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/385908"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2006-0162",
"datePublished": "2006-01-10T19:00:00",
"dateReserved": "2006-01-10T00:00:00",
"dateUpdated": "2024-08-07T16:25:34.032Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-1745
Vulnerability from cvelistv5
Published
2007-04-16 21:00
Modified
2024-08-07 13:06
Severity ?
EPSS score ?
Summary
The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25022",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25022"
},
{
"name": "34913",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34913"
},
{
"name": "2007-0013",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0013/"
},
{
"name": "23473",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23473"
},
{
"name": "24996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24996"
},
{
"name": "MDKSA-2007:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "SUSE-SA:2007:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "25189",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25189"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "clamav-chmdecompressstream-dos(33636)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33636"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=500765"
},
{
"name": "ADV-2007-1378",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1378"
},
{
"name": "25028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25028"
},
{
"name": "GLSA-200704-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"
},
{
"name": "24946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24946"
},
{
"name": "DSA-1281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1281"
},
{
"name": "24920",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24920"
},
{
"name": "24891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25022",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25022"
},
{
"name": "34913",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34913"
},
{
"name": "2007-0013",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0013/"
},
{
"name": "23473",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23473"
},
{
"name": "24996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24996"
},
{
"name": "MDKSA-2007:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "SUSE-SA:2007:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "25189",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25189"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "clamav-chmdecompressstream-dos(33636)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33636"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=500765"
},
{
"name": "ADV-2007-1378",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1378"
},
{
"name": "25028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25028"
},
{
"name": "GLSA-200704-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"
},
{
"name": "24946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24946"
},
{
"name": "DSA-1281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1281"
},
{
"name": "24920",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24920"
},
{
"name": "24891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25022"
},
{
"name": "34913",
"refsource": "OSVDB",
"url": "http://osvdb.org/34913"
},
{
"name": "2007-0013",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0013/"
},
{
"name": "23473",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23473"
},
{
"name": "24996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24996"
},
{
"name": "MDKSA-2007:098",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "SUSE-SA:2007:026",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "25189",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25189"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "clamav-chmdecompressstream-dos(33636)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33636"
},
{
"name": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=500765",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=500765"
},
{
"name": "ADV-2007-1378",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1378"
},
{
"name": "25028",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25028"
},
{
"name": "GLSA-200704-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"
},
{
"name": "24946",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24946"
},
{
"name": "DSA-1281",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1281"
},
{
"name": "24920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24920"
},
{
"name": "24891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1745",
"datePublished": "2007-04-16T21:00:00",
"dateReserved": "2007-03-29T00:00:00",
"dateUpdated": "2024-08-07T13:06:26.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2007-0898
Vulnerability from cvelistv5
Published
2007-02-16 19:00
Modified
2024-08-07 12:34
Severity ?
EPSS score ?
Summary
Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T12:34:21.184Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "clamav-mimeheader-directory-traversal(32535)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32535"
},
{
"name": "24187",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24187"
},
{
"name": "24192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24192"
},
{
"name": "22581",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/22581"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "DSA-1263",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1263"
},
{
"name": "1017660",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017660"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "24332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24332"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "24425",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24425"
},
{
"name": "SUSE-SA:2007:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Feb/0004.html"
},
{
"name": "GLSA-200703-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-03.xml"
},
{
"name": "MDKSA-2007:043",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:043"
},
{
"name": "24319",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24319"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "32282",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/32282"
},
{
"name": "24183",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24183"
},
{
"name": "20070215 Multiple Vendor ClamAV MIME Parsing Directory Traversal Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=476"
},
{
"name": "ADV-2007-0623",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/0623"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-02-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "clamav-mimeheader-directory-traversal(32535)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32535"
},
{
"name": "24187",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24187"
},
{
"name": "24192",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24192"
},
{
"name": "22581",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/22581"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "DSA-1263",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1263"
},
{
"name": "1017660",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017660"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "24332",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24332"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "24425",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24425"
},
{
"name": "SUSE-SA:2007:017",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Feb/0004.html"
},
{
"name": "GLSA-200703-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200703-03.xml"
},
{
"name": "MDKSA-2007:043",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:043"
},
{
"name": "24319",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24319"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "32282",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/32282"
},
{
"name": "24183",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24183"
},
{
"name": "20070215 Multiple Vendor ClamAV MIME Parsing Directory Traversal Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=476"
},
{
"name": "ADV-2007-0623",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/0623"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-0898",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Directory traversal vulnerability in clamd in Clam AntiVirus ClamAV before 0.90 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the id MIME header parameter in a multi-part message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "clamav-mimeheader-directory-traversal(32535)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/32535"
},
{
"name": "24187",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24187"
},
{
"name": "24192",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24192"
},
{
"name": "22581",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/22581"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "DSA-1263",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1263"
},
{
"name": "1017660",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017660"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "24332",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24332"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "24425",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24425"
},
{
"name": "SUSE-SA:2007:017",
"refsource": "SUSE",
"url": "http://lists.suse.com/archive/suse-security-announce/2007-Feb/0004.html"
},
{
"name": "GLSA-200703-03",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200703-03.xml"
},
{
"name": "MDKSA-2007:043",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:043"
},
{
"name": "24319",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24319"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "32282",
"refsource": "OSVDB",
"url": "http://osvdb.org/32282"
},
{
"name": "24183",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24183"
},
{
"name": "20070215 Multiple Vendor ClamAV MIME Parsing Directory Traversal Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=476"
},
{
"name": "ADV-2007-0623",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/0623"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-0898",
"datePublished": "2007-02-16T19:00:00",
"dateReserved": "2007-02-13T00:00:00",
"dateUpdated": "2024-08-07T12:34:21.184Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2005-2919
Vulnerability from cvelistv5
Published
2005-09-20 04:00
Modified
2024-08-07 22:53
Severity ?
EPSS score ?
Summary
libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to cause a denial of service (infinite loop) via a crafted FSG packed executable.
References
| ▼ | URL | Tags |
|---|---|---|
| http://www.novell.com/linux/security/advisories/2005_55_clamav.html | vendor-advisory, x_refsource_SUSE | |
| http://www.osvdb.org/19507 | vdb-entry, x_refsource_OSVDB | |
| http://secunia.com/advisories/16989 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.debian.org/security/2005/dsa-824 | vendor-advisory, x_refsource_DEBIAN | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/22308 | vdb-entry, x_refsource_XF | |
| http://www.mandriva.com/security/advisories?name=MDKSA-2005:166 | vendor-advisory, x_refsource_MANDRAKE | |
| http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml | vendor-advisory, x_refsource_GENTOO | |
| http://secunia.com/advisories/16848 | third-party-advisory, x_refsource_SECUNIA | |
| http://www.securityfocus.com/bid/14867 | vdb-entry, x_refsource_BID | |
| http://sourceforge.net/project/shownotes.php?release_id=356974 | x_refsource_CONFIRM | |
| http://www.vupen.com/english/advisories/2005/1774 | vdb-entry, x_refsource_VUPEN |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T22:53:29.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "SUSE-SA:2005:055",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2005_55_clamav.html"
},
{
"name": "19507",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/19507"
},
{
"name": "16989",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16989"
},
{
"name": "DSA-824",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-824"
},
{
"name": "clam-antivirus-fsg-dos(22308)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22308"
},
{
"name": "MDKSA-2005:166",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:166"
},
{
"name": "GLSA-200509-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml"
},
{
"name": "16848",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/16848"
},
{
"name": "14867",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/14867"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=356974"
},
{
"name": "ADV-2005-1774",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/1774"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-09-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to cause a denial of service (infinite loop) via a crafted FSG packed executable."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-10T14:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "SUSE-SA:2005:055",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2005_55_clamav.html"
},
{
"name": "19507",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/19507"
},
{
"name": "16989",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16989"
},
{
"name": "DSA-824",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-824"
},
{
"name": "clam-antivirus-fsg-dos(22308)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22308"
},
{
"name": "MDKSA-2005:166",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:166"
},
{
"name": "GLSA-200509-13",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml"
},
{
"name": "16848",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/16848"
},
{
"name": "14867",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/14867"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=356974"
},
{
"name": "ADV-2005-1774",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/1774"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-2919",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to cause a denial of service (infinite loop) via a crafted FSG packed executable."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "SUSE-SA:2005:055",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2005_55_clamav.html"
},
{
"name": "19507",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/19507"
},
{
"name": "16989",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16989"
},
{
"name": "DSA-824",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-824"
},
{
"name": "clam-antivirus-fsg-dos(22308)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/22308"
},
{
"name": "MDKSA-2005:166",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:166"
},
{
"name": "GLSA-200509-13",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml"
},
{
"name": "16848",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/16848"
},
{
"name": "14867",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/14867"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=356974",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=356974"
},
{
"name": "ADV-2005-1774",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1774"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-2919",
"datePublished": "2005-09-20T04:00:00",
"dateReserved": "2005-09-15T00:00:00",
"dateUpdated": "2024-08-07T22:53:29.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}