FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-03-28 15:43:32 UTC


These are the vulnerabilities relating to the commit you have selected:

VuXML ID  Description
1db7ecf5-fd24-11d9-b4d6-0007e900f87b  clamav -- multiple remote buffer overflows

A Secunia Advisory reports:

Neel Mehta and Alex Wheeler have reported some vulnerabilities in Clam AntiVirus, which can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

  1. Two integer overflow errors in "libclamav/tnef.c" when processing TNEF files can be exploited to cause a heap-based buffer overflow via a specially crafted TNEF file with a length value of -1 in the header.
  2. An integer overflow error in "libclamav/chmunpack.c" can be exploited to cause a heap-based buffer overflow via a specially crafted CHM file with a chunk entry that has a filename length of -1.
  3. A boundary error in "libclamav/fsg.c" when processing a FSG compressed file can cause a heap-based buffer overflow.

Discovery 2005-07-24
Entry 2005-07-25
clamav
< 0.86.2

clamav-devel
<= 20050704

http://www.rem0te.com/public/images/clamav.pdf
http://secunia.com/advisories/16180/

24b64fb0-af1d-11dd-8a16-001b1116b350  clamav -- off-by-one heap overflow in VBA project parser

Advisory from Moritz Jodeit, November 8th, 2008:

ClamAV contains an off-by-one heap overflow vulnerability in the code responsible for parsing VBA project files. Successful exploitation could allow an attacker to execute arbitrary code with the privileges of the `clamd' process by sending an email with a prepared attachment.

A VBA project file embedded inside an OLE2 office document sent as an attachment can trigger the off-by-one.

Entry from Thu Oct 30 13:52:42 CET 2008 (acab) in ChangeLog:

libclamav/vba_extract.c: get_unicode_name off-by-one, bb#1239 reported by Moritz Jodeit <moritz*jodeit.org>


Discovery 2008-11-08
Entry 2008-11-10
clamav
< 0.94.1

clamav-devel
< 20081105

http://www.securityfocus.com/archive/1/498169/30/0/threaded
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
CVE-2008-5050

271498a9-2cd4-11da-a263-0001020eed82  clamav -- arbitrary code execution and DoS vulnerabilities

Gentoo Linux Security Advisory reports:

Clam AntiVirus is vulnerable to a buffer overflow in "libclamav/upx.c" when processing malformed UPX-packed executables. It can also be sent into an infinite loop in "libclamav/fsg.c" when processing specially-crafted FSG-packed executables.

By sending a specially-crafted file an attacker could execute arbitrary code with the permissions of the user running Clam AntiVirus, or cause a Denial of Service.


Discovery 2005-09-16
Entry 2005-09-24
Modified 2005-10-22
clamav
< 0.87

clamav-devel
< 20050917

363713
CVE-2005-2919
CVE-2005-2920
http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml

2a6106c6-73e5-11ec-8fa2-0800270512f4  clamav -- invalid pointer read that may cause a crash

Laurent Delosieres reports:

Fix for invalid pointer read that may cause a crash. This issue affects 0.104.1, 0.103.4 and prior when ClamAV is compiled with libjson-c and the CL_SCAN_GENERAL_COLLECT_METADATA scan option (the clamscan --gen-json option) is enabled.


Discovery 2022-01-12
Entry 2022-01-12
clamav
< 0.104.2,1

clamav-lts
< 0.103.5,1

CVE-2022-20698
https://blog.clamav.net/2022/01/clamav-01035-and-01042-security-patch.html

342d2e48-26db-11db-9275-000475abc56f  clamav -- heap overflow vulnerability

Clamav team reports:

A heap overflow vulnerability was discovered in libclamav which could cause a denial of service or allow the execution of arbitrary code.

The problem is specifically located in the PE file rebuild function used by the UPX unpacker.

Relevant code from libclamav/upx.c:

    memcpy(dst, newbuf, foffset);
    *dsize = foffset;
    free(newbuf);
    cli_dbgmsg("UPX: PE structure rebuilt from compressed file\n");
    return 1;

Due to improper validation it is possible to overflow the above memcpy() beyond the allocated memory block.


Discovery 2006-08-07
Entry 2006-08-08
clamav
>= 0.88.1 < 0.88.4

clamav-devel
< 20060808

CVE-2006-4018
http://www.clamav.net/security/0.88.4.html

3d0428b2-fdfb-11e4-894f-d050996490d0  clamav -- multiple vulnerabilities

ClamAV project reports:

ClamAV 0.98.7 is here! This release contains new scanning features and bug fixes.

Fix infinite loop condition on crafted y0da cryptor file. Identified and patch suggested by Sebastian Andrzej Siewior. CVE-2015-2221.

Fix crash on crafted petite packed file. Reported and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2222.

Fix an infinite loop condition on a crafted "xz" archive file. This was reported by Dimitri Kirchner and Goulven Guiheux. CVE-2015-2668.

Apply upstream patch for possible heap overflow in Henry Spencer's regex library. CVE-2015-2305.

Fix crash in upx decoder with crafted file. Discovered and patch supplied by Sebastian Andrzej Siewior. CVE-2015-2170.


Discovery 2015-04-29
Entry 2015-05-19
clamav
< 0.98.7

clamav-devel
> 0

CVE-2015-2170
CVE-2015-2221
CVE-2015-2222
CVE-2015-2305
CVE-2015-2668
http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html

589d8053-0b03-11dd-b4ef-00e07dc4ec84  clamav -- Multiple Vulnerabilities

Secunia reports:

Some vulnerabilities have been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) or to compromise a vulnerable system.

1) A boundary error exists within the "cli_scanpe()" function in libclamav/pe.c. This can be exploited to cause a heap-based buffer overflow via a specially crafted "Upack" executable.

Successful exploitation allows execution of arbitrary code.

2) A boundary error within the processing of PeSpin packed executables in libclamav/spin.c can be exploited to cause a heap-based buffer overflow.

Successful exploitation may allow execution of arbitrary code.

3) An unspecified error in the processing of ARJ files can be exploited to hang ClamAV.


Discovery 2008-04-15
Entry 2008-04-15
clamav
< 0.93

clamav-devel
< 20080415

CVE-2008-1100
CVE-2008-1387
http://secunia.com/advisories/29000

612a34ec-81dc-11da-a043-0002a5c3d308  clamav -- possible heap overflow in the UPX code

The Zero Day Initiative reports:

This vulnerability allows remote attackers to execute arbitrary code on vulnerable Clam AntiVirus installations. Authentication is not required to exploit this vulnerability.

This specific flaw exists within libclamav/upx.c during the unpacking of executable files compressed with UPX. Due to an invalid size calculation during a data copy from the user-controlled file to heap allocated memory, an exploitable memory corruption condition is created.


Discovery 2006-01-09
Entry 2006-01-10
Modified 2006-01-15
clamav
< 0.88

clamav-devel
< 20060110

16191
CVE-2006-0162
http://lurker.clamav.net/message/20060109.213247.a16ae8db.en.html
http://www.zerodayinitiative.com/advisories/ZDI-06-001.html
http://secunia.com/advisories/18379/

6a5174bd-c580-11da-9110-00123ffe8333  clamav -- Multiple Vulnerabilities

Secunia reports:

Some vulnerabilities have been reported in ClamAV, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system.

An unspecified integer overflow error exists in the PE header parser in "libclamav/pe.c". Successful exploitation requires that the ArchiveMaxFileSize option is disabled.

Some format string errors in the logging handling in "shared/output.c" may be exploited to execute arbitrary code.

An out-of-bounds memory access error in the "cli_bitset_test()" function in "libclamav/others.c" may be exploited to cause a crash.


Discovery 2006-04-06
Entry 2006-04-06
clamav
< 0.88.1

clamav-devel
<= 20051104_1

CVE-2006-1614
CVE-2006-1615
CVE-2006-1630
http://secunia.com/advisories/19534/
http://www.us.debian.org/security/2006/dsa-1024

6ade62d9-0f62-11ea-9673-4c72b94353b5  clamav -- Denial-of-Service (DoS) vulnerability

Micah Snyder reports:

A Denial-of-Service (DoS) vulnerability may occur when scanning a specially crafted email file as a result of excessively long scan times. The issue is resolved by implementing several maximums in parsing MIME messages and by optimizing use of memory allocation.


Discovery 2019-09-06
Entry 2019-11-25
clamav
< 0.102.1,1

https://blog.clamav.net/2019/11/clamav-01021-and-01015-patches-have.html
CVE-2019-15961

6d18fe19-ee67-11d9-8310-0001020eed82  clamav -- MS-Expand file handling DoS vulnerability

An iDEFENSE Security Advisory reports:

Remote exploitation of an input validation error in Clam AntiVirus ClamAV allows attackers to cause a denial of service condition.

The vulnerability specifically exists due to improper behavior during exceptional conditions.

Successful exploitation allows attackers to exhaust the file descriptor pool and memory. Anti-virus detection functionality will fail if there are no file descriptors available with which to open files. Remote exploitation can be achieved by sending a malicious file in an e-mail message or during an HTTP session.


Discovery 2005-06-29
Entry 2005-07-06
clamav
< 0.86

clamav-devel
< 20050620

CVE-2005-1922
http://marc.theaimsgroup.com/?l=bugtraq&m=112006402411598

70b62f5e-9e2e-11d9-a256-0001020eed82  clamav -- zip handling DoS vulnerability

The clamav daemon is vulnerable to a DoS vulnerability due to insufficient handling of malformed zip files which can crash the clamav daemon.


Discovery 2005-01-27
Entry 2005-03-26
Modified 2005-04-09
clamav
< 0.81

clamav-devel
< 20050408

12408
CVE-2005-0133
http://sourceforge.net/project/shownotes.php?release_id=300116

74a9541d-5d6c-11d8-80e3-0020ed76ef5a  clamav remote denial-of-service

clamav will exit when a programming assertion is not met. A malformed uuencoded message can trigger this assertion, allowing an attacker to trivially crash clamd or other components of clamav.


Discovery 2004-02-09
Entry 2004-02-12
Modified 2004-06-27
clamav
< 0.65_7

ports/62586
http://www.securityfocus.com/archive/1/353186
http://www.osvdb.org/3894
9610
http://secunia.com/advisories/10826
CVE-2004-0270
http://xforce.iss.net/xforce/xfdb/15077

8012a79d-5d21-11db-bb8d-00123ffe8333  clamav -- CHM unpacker and PE rebuilding vulnerabilities

Secunia reports:

Two vulnerabilities have been reported in Clam AntiVirus, which potentially can be exploited by malicious people to cause a DoS (Denial of Service) or compromise a vulnerable system.

1) An unspecified error in the CHM unpacker in chmunpack.c can be exploited to cause a DoS.

2) An unspecified error in rebuildpe.c when rebuilding PE files after unpacking can be exploited to cause a heap-based buffer overflow.


Discovery 2006-10-15
Entry 2006-10-16
clamav
< 0.88.5

clamav-devel
<= 20060922

http://secunia.com/advisories/22370/
http://lurker.clamav.net/message/20061016.015114.dc6a8930.en.html
http://sourceforge.net/project/shownotes.php?release_id=455799

84ce26c3-5769-11e9-abd6-001b217b3468  clamav -- multiple vulnerabilities

Clamav reports:

An out-of-bounds heap read condition may occur when scanning PDF documents

An out-of-bounds heap read condition may occur when scanning PE files

An out-of-bounds heap write condition may occur when scanning OLE2 files

An out-of-bounds heap read condition may occur when scanning malformed PDF documents

A path-traversal write condition may occur as a result of improper input validation when scanning RAR archives

A use-after-free condition may occur as a result of improper error handling when scanning nested RAR archives


Discovery 2019-03-29
Entry 2019-04-05
clamav
< 0.101.2,1

https://blog.clamav.net/2019/03/clamav-01012-and-01003-patches-have.html
CVE-2019-1787
CVE-2019-1789
CVE-2019-1788
CVE-2019-1786
CVE-2019-1785
CVE-2019-1798

8b812395-c739-11e8-ab5b-9c5c8e75236a  clamav -- multiple vulnerabilities

Joel Esler reports:

  • CVE-2018-15378:
    • Vulnerability in ClamAV's MEW unpacking feature that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device.
    • Reported by Secunia Research at Flexera.
  • Fix for a 2-byte buffer over-read bug in ClamAV's PDF parsing code.
    • Reported by Alex Gaynor.
  • CVE-2018-14680:
    • An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. It does not reject blank CHM filenames.
  • CVE-2018-14681:
    • An issue was discovered in kwajd_read_headers in mspack/kwajd.c in libmspack before 0.7alpha. Bad KWAJ file header extensions could cause a one or two byte overwrite.
  • CVE-2018-14682:
    • An issue was discovered in mspack/chmd.c in libmspack before 0.7alpha. There is an off-by-one error in the TOLOWER() macro for CHM decompression. Additionally, 0.100.2 reverted 0.100.1's patch for CVE-2018-14679, and applied libmspack's version of the fix in its place.

Discovery 2018-10-03
Entry 2018-10-03
Modified 2020-06-24
clamav
< 0.100.2

https://blog.clamav.net/2018/10/clamav-01002-has-been-released.html
CVE-2018-15378
CVE-2018-14680
CVE-2018-14681
CVE-2018-14682

903654bd-1927-11dc-b8a0-02e0185f8d72  clamav -- multiple vulnerabilities

Clamav had been found vulnerable to multiple vulnerabilities:

  • Improper checking for the end of a buffer causing an unspecified attack vector.
  • Insecure temporary file handling, which could be exploited to read sensitive information.
  • A flaw in the parser engine which could allow a remote attacker to bypass the scanning of RAR files.
  • A flaw in libclamav/unrar.c which could cause a remote Denial of Service (DoS) by sending a specially crafted RAR file with a modified vm_codesize.
  • A flaw in the OLE2 parser which could cause a remote Denial of Service (DoS).

Discovery 2007-04-18
Entry 2007-06-19
clamav
< 0.90.3

CVE-2007-2650
CVE-2007-3023
CVE-2007-3024
CVE-2007-3122
CVE-2007-3123
http://news.gmane.org/gmane.comp.security.virus.clamav.devel/cutoff=2853

91ce95d5-cd15-4105-b942-af5ccc7144c1  clamav -- multiple vulnerabilities

Micah Snyder reports:

CVE-2020-3327: Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.2 that could cause a denial-of-service condition. Improper bounds checking of an unsigned variable results in an out-of-bounds read which causes a crash. Special thanks to Daehui Chang and Fady Othman for helping identify the ARJ parsing vulnerability.

CVE-2020-3341: Fixed a vulnerability in the PDF-parsing module in ClamAV 0.101 - 0.102.2 that could cause a denial-of-service condition. Improper size checking of a buffer used to initialize AES decryption routines results in an out-of-bounds read, which may cause a crash. OSS-Fuzz discovered this vulnerability.


Discovery 2020-05-12
Entry 2020-05-14
clamav
< 0.102.3,1

https://blog.clamav.net/2020/05/clamav-01023-security-patch-released.html
CVE-2020-3327
CVE-2020-3341

9ae2c00f-97d0-11eb-8cd6-080027f515ea  clamav -- Multiple vulnerabilities

Micah Snyder reports:

CVE-2021-1252
Excel XLM parser infinite loop
CVE-2021-1404
PDF parser buffer over-read; possible crash.
CVE-2021-1405
Mail parser NULL-dereference crash.

Discovery 2021-04-07
Entry 2021-04-07
clamav
< 0.103.2,1

CVE-2021-1252
CVE-2021-1404
CVE-2021-1405
https://blog.clamav.net/2021/04/clamav-01032-security-patch-release.html

b088bf48-da3b-11da-93e0-00123ffe8333  clamav -- Freshclam HTTP Header Buffer Overflow Vulnerability

Secunia reports:

A vulnerability has been reported in ClamAV, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially to compromise a vulnerable system.

The vulnerability is caused due to a boundary error within the HTTP client in the Freshclam command line utility. This can be exploited to cause a stack-based buffer overflow when the HTTP headers received from a web server exceed 8KB.

Successful exploitation requires that Freshclam is used to download virus signature updates from a malicious mirror web server e.g. via DNS poisoning.


Discovery 2006-05-01
Entry 2006-05-03
clamav
>= 0.80 < 0.88.2

clamav-devel
>= 20040826 < 20060502

CVE-2006-1989
http://www.clamav.net/security/0.88.2.html
http://secunia.com/advisories/19880/

b2407db1-d79f-11ec-a15f-589cfc0f81b0  clamav -- Multiple vulnerabilities

The ClamAV project reports:

Fixed a possible double-free vulnerability in the OLE2 file parser. Issue affects versions 0.104.0 through 0.104.2. Issue identified by OSS-Fuzz.

Fixed a possible infinite loop vulnerability in the CHM file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. Thank you to Michał Dardas for reporting this issue.

Fixed a possible NULL-pointer dereference crash in the scan verdict cache check. Issue affects versions 0.103.4, 0.103.5, 0.104.1, and 0.104.2. Thank you to Alexander Patrakov and Antoine Gatineau for reporting this issue.

Fixed a possible infinite loop vulnerability in the TIFF file parser. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. The issue only occurs if the "--alert-broken-media" ClamScan option is enabled. For ClamD, the affected option is "AlertBrokenMedia yes", and for libclamav it is the "CL_SCAN_HEURISTIC_BROKEN_MEDIA" scan option. Thank you to Michał Dardas for reporting this issue.

Fixed a possible memory leak in the HTML file parser / Javascript normalizer. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. Thank you to Michał Dardas for reporting this issue.

Fixed a possible multi-byte heap buffer overflow write vulnerability in the signature database load module. The fix was to update the vendored regex library to the latest version. Issue affects versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions. Thank you to Michał Dardas for reporting this issue.


Discovery 2022-05-04
Entry 2022-05-19
clamav
< 0.104.3,1

clamav-lts
< 0.103.6,1

CVE-2022-20803
CVE-2022-20770
CVE-2022-20796
CVE-2022-20771
CVE-2022-20785
CVE-2022-20792
https://blog.clamav.net/2022/05/clamav-01050-01043-01036-released.html#more

b464f61b-84c7-4e1c-8ad4-6cf9efffd025  clamav -- multiple vulnerabilities

ClamAV project reports:

Join us as we welcome ClamAV 0.99.3 to the family!

This release is a security release and is recommended for all ClamAV users.

CVE-2017-12374 ClamAV UAF (use-after-free) Vulnerabilities

CVE-2017-12375 ClamAV Buffer Overflow Vulnerability

CVE-2017-12376 ClamAV Buffer Overflow in handle_pdfname Vulnerability

CVE-2017-12377 ClamAV Mew Packet Heap Overflow Vulnerability

CVE-2017-12378 ClamAV Buffer Over Read Vulnerability

CVE-2017-12379 ClamAV Buffer Overflow in messageAddArgument Vulnerability

CVE-2017-12380 ClamAV Null Dereference Vulnerability


Discovery 2018-01-25
Entry 2018-01-26
clamav
< 0.99.3

http://blog.clamav.net/2018/01/clamav-0993-has-been-released.html
CVE-2017-12374
CVE-2017-12375
CVE-2017-12376
CVE-2017-12377
CVE-2017-12378
CVE-2017-12379
CVE-2017-12380

b6f6da57-680a-11dc-b350-001921ab2fa4  clamav -- multiple remote Denial of Service vulnerabilities

BugTraq reports:

ClamAV is prone to multiple denial-of-service vulnerabilities.

A successful attack may allow an attacker to crash the application and deny service to users.


Discovery 2007-08-21
Entry 2007-09-21
clamav
< 0.91.2

25398
CVE-2007-4510

be4b0529-dbaf-11dc-9791-000ea6702141  clamav -- ClamAV libclamav PE File Integer Overflow Vulnerability

iDefense Security Advisory 02.12.08:

Remote exploitation of an integer overflow vulnerability in Clam AntiVirus' ClamAV, as included in various vendors' operating system distributions, allows attackers to execute arbitrary code with the privileges of the affected process.

The vulnerability exists within the code responsible for parsing and scanning PE files. While iterating through all sections contained in the PE file, several attacker controlled values are extracted from the file. On each iteration, arithmetic operations are performed without taking into consideration 32-bit integer wrap.

Since insufficient integer overflow checks are present, an attacker can cause a heap overflow by causing a specially crafted Petite packed PE binary to be scanned. This results in an exploitable memory corruption condition.

Exploitation of this vulnerability results in the execution of arbitrary code with the privileges of the process using libclamav. In the case of the clamd program, this will result in code execution with the privileges of the clamav user. Unsuccessful exploitation results in the clamd process crashing.

Workaround

Disabling the scanning of PE files will prevent exploitation.

If using clamscan, this can be done by running clamscan with the '--no-pe' option.

If using clamdscan, set the 'ScanPE' option in the clamd.conf file to 'no'.


Discovery 2008-01-07
Entry 2008-02-15
clamav
>= 0.92 < 0.92.1

CVE-2008-0318
http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=658
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog

d1e9d8c5-839b-11e8-9610-9c5c8e75236a  clamav -- multiple vulnerabilities

Joel Esler reports:

3 security fixes in this release:

  • CVE-2017-16932: Vulnerability in libxml2 dependency (affects ClamAV on Windows only).
  • CVE-2018-0360: HWP integer overflow, infinite loop vulnerability. Reported by Secunia Research at Flexera.
  • CVE-2018-0361: ClamAV PDF object length check, unreasonably long time to parse relatively small file. Reported by aCaB.

Discovery 2018-07-09
Entry 2018-07-09
clamav
< 0.100.1

https://blog.clamav.net/2018/07/clamav-01001-has-been-released.html
CVE-2017-16932
CVE-2018-0360
CVE-2018-0361

d8e1aadd-ee68-11d9-8310-0001020eed82  clamav -- cabinet file handling DoS vulnerability

An iDEFENSE Security Advisory reports:

Remote exploitation of an input validation error in Clam AntiVirus ClamAV allows attackers to cause a denial of service condition.

The vulnerability specifically exists due to insufficient validation on cabinet file header data. The ENSURE_BITS() macro fails to check for zero length reads, allowing a carefully constructed cabinet file to cause an infinite loop.

ClamAV is used in a number of mail gateway products. Successful exploitation requires an attacker to send a specially constructed CAB file through a mail gateway or personal anti-virus client utilizing the ClamAV scanning engine. The infinite loop will cause the ClamAV software to use all available processor resources, resulting in a denial of service or severe degradation to system performance. Remote exploitation can be achieved by sending a malicious file in an e-mail message or during an HTTP session.


Discovery 2005-06-29
Entry 2005-07-06
clamav
< 0.86

clamav-devel
< 20050620

CVE-2005-1923
http://marc.theaimsgroup.com/?l=bugtraq&m=112006456809016

da5c4072-8082-11dd-9c8c-001c2514716c  clamav -- CHM Processing Denial of Service

Hanno Boeck reports:

A fuzzing test showed weakness in the chm parser of clamav, which can possibly be exploited. The clamav team has disabled the chm module in older versions through freshclam updates and has released 0.94 with a fixed parser.


Discovery 2008-07-09
Entry 2008-09-12
clamav
< 0.94

clamav-devel
< 20080902

CVE-2008-1389
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089

dbd1f627-c43b-11e9-a923-9c5c8e75236a  clamav -- multiple vulnerabilities

Micah Snyder reports:

  • An out of bounds write was possible within ClamAV's NSIS bzip2 library when attempting decompression in cases where the number of selectors exceeded the max limit set by the library (CVE-2019-12900). The issue has been resolved by respecting that limit.
  • The zip bomb vulnerability mitigated in 0.101.3 has been assigned the CVE identifier CVE-2019-12625. Unfortunately, a workaround for the zip-bomb mitigation was immediately identified. To remediate the zip-bomb scan time issue, a scan time limit has been introduced in 0.101.4. This limit now resolves ClamAV's vulnerability to CVE-2019-12625.

Discovery 2019-08-21
Entry 2019-08-21
clamav
< 0.101.4,1

clamav-milter
< 0.101.4,1

CVE-2019-12625
https://blog.clamav.net/2019/08/clamav-01014-security-patch-release-has.html
CVE-2019-12900

e7bc2b99-485a-11ea-bff9-9c5c8e75236a  clamav -- Denial-of-Service (DoS) vulnerability

Micah Snyder reports:

A denial-of-service (DoS) condition may occur when using the optional credit card data-loss-prevention (DLP) feature. Improper bounds checking of an unsigned variable resulted in an out-of-bounds read, which causes a crash.


Discovery 2020-02-05
Entry 2020-02-05
clamav
< 0.102.2,1

https://blog.clamav.net/2020/02/clamav-01022-security-patch-released.html
CVE-2020-3123

eb12ebee-b7af-11e1-b5e0-000c299b62e1  clamav -- multiple vulnerabilities

MITRE Advisories report:

The TAR parser allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence.

The TAR parser allows remote attackers to bypass malware detection via a TAR archive entry with a length field that exceeds the total TAR file size.

The Microsoft CHM file parser allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file.

The TAR file parser allows remote attackers to bypass malware detection via a TAR archive entry with a length field corresponding to that entire entry, plus part of the header of the next entry.


Discovery 2012-03-19
Entry 2012-06-16
clamav
< 0.97.5

clamav-devel
< 20120612

CVE-2012-1419
CVE-2012-1457
CVE-2012-1458
CVE-2012-1459

eb5124a4-8a20-11db-b033-00123ffe8333  clamav -- Multipart Nestings Denial of Service

Secunia reports:

Clam AntiVirus has a vulnerability, which can be exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to a stack overflow when scanning messages with deeply nested multipart content. This can be exploited to crash the service by sending specially crafted emails to a vulnerable system.


Discovery 2006-12-06
Entry 2006-12-12
Modified 2013-06-19
clamav
< 0.88.7

clamav-devel
<= 20061029

CVE-2006-6481
http://secunia.com/advisories/23347/
http://www.quantenblog.net/security/virus-scanner-bypass

f7a02651-c798-11ea-81d6-6805cabe6ebb  clamav -- multiple vulnerabilities

Micah Snyder reports:

CVE-2020-3350
Fixed a vulnerability a malicious user could exploit to replace a scan target's directory with a symlink to another path to trick clamscan, clamdscan, or clamonacc into removing or moving a different file (such as a critical system file). The issue would affect users that use the --move or --remove options for clamscan, clamdscan and clamonacc.
CVE-2020-3327
Fixed a vulnerability in the ARJ archive-parsing module in ClamAV 0.102.3 that could cause a denial-of-service (DoS) condition. Improper bounds checking resulted in an out-of-bounds read that could cause a crash. The previous fix for this CVE in version 0.102.3 was incomplete. This fix correctly resolves the issue.
CVE-2020-3481
Fixed a vulnerability in the EGG archive module in ClamAV 0.102.0 - 0.102.3 that could cause a denial-of-service (DoS) condition. Improper error handling could cause a crash due to a NULL pointer dereference. This vulnerability is mitigated for those using the official ClamAV signature databases because the file type signatures in daily.cvd will not enable the EGG archive parser in affected versions.

Discovery 2020-07-16
Entry 2020-07-16
clamav
< 0.102.4,1

https://blog.clamav.net/2020/07/clamav-01024-security-patch-released.html
CVE-2020-3350
CVE-2020-3327
CVE-2020-3481