VuXML ID | Description |
da5c4072-8082-11dd-9c8c-001c2514716c | clamav -- CHM Processing Denial of Service
Hanno Boeck reports:
A fuzzing test showed weakness in the chm parser of
clamav, which can possibly be exploited. The clamav
team has disabled the chm module in older versions
through freshclam updates and has released 0.94 with
a fixed parser.
Discovery 2008-07-09 Entry 2008-09-12 clamav
< 0.94
clamav-devel
< 20080902
CVE-2008-1389
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089
|
612a34ec-81dc-11da-a043-0002a5c3d308 | clamav -- possible heap overflow in the UPX code
The Zero Day Initiative reports:
This vulnerability allows remote attackers to execute
arbitrary code on vulnerable Clam AntiVirus
installations. Authentication is not required to exploit
this vulnerability.
This specific flaw exists within libclamav/upx.c during
the unpacking of executable files compressed with UPX. Due
to an invalid size calculation during a data copy from the
user-controlled file to heap allocated memory, an
exploitable memory corruption condition is created.
Discovery 2006-01-09 Entry 2006-01-10 Modified 2006-01-15 clamav
< 0.88
clamav-devel
< 20060110
16191
CVE-2006-0162
http://lurker.clamav.net/message/20060109.213247.a16ae8db.en.html
http://www.zerodayinitiative.com/advisories/ZDI-06-001.html
http://secunia.com/advisories/18379/
|
eb5124a4-8a20-11db-b033-00123ffe8333 | clamav -- Multipart Nestings Denial of Service
Secunia reports:
Clam AntiVirus has a vulnerability, which can be exploited by
malicious people to cause a DoS (Denial of Service).
The vulnerability is caused due to a stack overflow when scanning
messages with deeply nested multipart content. This can be
exploited to crash the service by sending specially crafted emails
to a vulnerable system.
Discovery 2006-12-06 Entry 2006-12-12 Modified 2013-06-19 clamav
< 0.88.7
clamav-devel
le 20061029
CVE-2006-6481
http://secunia.com/advisories/23347/
http://www.quantenblog.net/security/virus-scanner-bypass
|
342d2e48-26db-11db-9275-000475abc56f | clamav -- heap overflow vulnerability
Clamav team reports:
A heap overflow vulnerability was discovered in libclamav
which could cause a denial of service or allow the
execution of arbitrary code.
The problem is specifically located in the PE file rebuild
function used by the UPX unpacker.
Relevant code from libclamav/upx.c:
    memcpy(dst, newbuf, foffset);
    *dsize = foffset;
    free(newbuf);
    cli_dbgmsg("UPX: PE structure rebuilt from compressed file\n");
    return 1;
Due to improper validation it is possible to overflow the above
memcpy() beyond the allocated memory block.
Discovery 2006-08-07 Entry 2006-08-08 clamav
ge 0.88.1 lt 0.88.4
clamav-devel
< 20060808
CVE-2006-4018
http://www.clamav.net/security/0.88.4.html
|
3d0428b2-fdfb-11e4-894f-d050996490d0 | clamav -- multiple vulnerabilities
ClamAV project reports:
ClamAV 0.98.7 is here! This release contains new
scanning features and bug fixes.
Fix infinite loop condition on crafted y0da cryptor file.
Identified and patch suggested by Sebastian Andrzej Siewior.
CVE-2015-2221.
Fix crash on crafted petite packed file. Reported and patch
supplied by Sebastian Andrzej Siewior. CVE-2015-2222.
Fix an infinite loop condition on a crafted "xz" archive
file. This was reported by Dimitri Kirchner and Goulven
Guiheux. CVE-2015-2668.
Apply upstream patch for possible heap overflow in Henry
Spencer's regex library. CVE-2015-2305.
Fix crash in upx decoder with crafted file. Discovered and
patch supplied by Sebastian Andrzej Siewior. CVE-2015-2170.
Discovery 2015-04-29 Entry 2015-05-19 clamav
< 0.98.7
clamav-devel
gt 0
CVE-2015-2170
CVE-2015-2221
CVE-2015-2222
CVE-2015-2305
CVE-2015-2668
http://blog.clamav.net/2015/04/clamav-0987-has-been-released.html
|
eb12ebee-b7af-11e1-b5e0-000c299b62e1 | clamav -- multiple vulnerabilities
MITRE Advisories report:
The TAR parser allows remote attackers to bypass malware detection
via a POSIX TAR file with an initial [aliases] character sequence.
The TAR parser allows remote attackers to bypass malware detection
via a TAR archive entry with a length field that exceeds the total
TAR file size.
The Microsoft CHM file parser allows remote attackers to bypass
malware detection via a crafted reset interval in the LZXC header
of a CHM file.
The TAR file parser allows remote attackers to bypass malware
detection via a TAR archive entry with a length field
corresponding to that entire entry, plus part of the header of
the next entry.
Discovery 2012-03-19 Entry 2012-06-16 clamav
< 0.97.5
clamav-devel
< 20120612
CVE-2012-1419
CVE-2012-1457
CVE-2012-1458
CVE-2012-1459
|
1db7ecf5-fd24-11d9-b4d6-0007e900f87b | clamav -- multiple remote buffer overflows
A Secunia Advisory reports:
Neel Mehta and Alex Wheeler have reported some
vulnerabilities in Clam AntiVirus, which can be exploited
by malicious people to cause a DoS (Denial of Service)
or compromise a vulnerable system.
- Two integer overflow errors in "libclamav/tnef.c"
when processing TNEF files can be exploited to cause
a heap-based buffer overflow via a specially crafted
TNEF file with a length value of -1 in the header.
- An integer overflow error in "libclamav/chmunpack.c"
can be exploited to cause a heap-based buffer overflow
via a specially crafted CHM file with a chunk entry that
has a filename length of -1.
- A boundary error in "libclamav/fsg.c" when
processing a FSG compressed file can cause a heap-based
buffer overflow.
Discovery 2005-07-24 Entry 2005-07-25 clamav
< 0.86.2
clamav-devel
le 20050704
http://www.rem0te.com/public/images/clamav.pdf
http://secunia.com/advisories/16180/
|
271498a9-2cd4-11da-a263-0001020eed82 | clamav -- arbitrary code execution and DoS vulnerabilities
Gentoo Linux Security Advisory reports:
Clam AntiVirus is vulnerable to a buffer overflow in
"libclamav/upx.c" when processing malformed UPX-packed
executables. It can also be sent into an infinite loop in
"libclamav/fsg.c" when processing specially-crafted
FSG-packed executables.
By sending a specially-crafted file an attacker could
execute arbitrary code with the permissions of the user
running Clam AntiVirus, or cause a Denial of Service.
Discovery 2005-09-16 Entry 2005-09-24 Modified 2005-10-22 clamav
< 0.87
clamav-devel
< 20050917
363713
CVE-2005-2919
CVE-2005-2920
http://www.gentoo.org/security/en/glsa/glsa-200509-13.xml
|
d8e1aadd-ee68-11d9-8310-0001020eed82 | clamav -- cabinet file handling DoS vulnerability
An iDEFENSE Security Advisory reports:
Remote exploitation of an input validation error in Clam
AntiVirus ClamAV allows attackers to cause a denial of
service condition.
The vulnerability specifically exists due to insufficient
validation on cabinet file header data. The
ENSURE_BITS() macro fails to check for zero
length reads, allowing a carefully constructed cabinet
file to cause an infinite loop.
ClamAV is used in a number of mail gateway
products. Successful exploitation requires an attacker to
send a specially constructed CAB file through a mail
gateway or personal anti-virus client utilizing the ClamAV
scanning engine. The infinite loop will cause the ClamAV
software to use all available processor resources,
resulting in a denial of service or severe degradation to
system performance. Remote exploitation can be achieved by
sending a malicious file in an e-mail message or during an
HTTP session.
Discovery 2005-06-29 Entry 2005-07-06 clamav
< 0.86
clamav-devel
< 20050620
CVE-2005-1923
http://marc.theaimsgroup.com/?l=bugtraq&m=112006456809016
|
6a5174bd-c580-11da-9110-00123ffe8333 | clamav -- Multiple Vulnerabilities
Secunia reports:
Some vulnerabilities have been reported in ClamAV, which
potentially can be exploited by malicious people to cause a
DoS (Denial of Service) and compromise a vulnerable system.
An unspecified integer overflow error exists in the PE header
parser in "libclamav/pe.c". Successful exploitation requires that
the ArchiveMaxFileSize option is disabled.
Some format string errors in the logging handling in
"shared/output.c" may be exploited to execute arbitrary code.
An out-of-bounds memory access error in the "cli_bitset_test()"
function in "libclamav/others.c" may be exploited to cause a
crash.
Discovery 2006-04-06 Entry 2006-04-06 clamav
< 0.88.1
clamav-devel
le 20051104_1
CVE-2006-1614
CVE-2006-1615
CVE-2006-1630
http://secunia.com/advisories/19534/
http://www.us.debian.org/security/2006/dsa-1024
|
589d8053-0b03-11dd-b4ef-00e07dc4ec84 | clamav -- Multiple Vulnerabilities
Secunia reports:
Some vulnerabilities have been reported in ClamAV, which can be
exploited by malicious people to cause a DoS (Denial of Service)
or to compromise a vulnerable system.
1) A boundary error exists within the "cli_scanpe()" function in
libclamav/pe.c. This can be exploited to cause a heap-based buffer
overflow via a specially crafted "Upack" executable.
Successful exploitation allows execution of arbitrary code.
2) A boundary error within the processing of PeSpin packed
executables in libclamav/spin.c can be exploited to cause a
heap-based buffer overflow.
Successful exploitation may allow execution of arbitrary code.
3) An unspecified error in the processing of ARJ files can be
exploited to hang ClamAV.
Discovery 2008-04-15 Entry 2008-04-15 clamav
< 0.93
clamav-devel
< 20080415
CVE-2008-1100
CVE-2008-1387
http://secunia.com/advisories/29000
|
6d18fe19-ee67-11d9-8310-0001020eed82 | clamav -- MS-Expand file handling DoS vulnerability
An iDEFENSE Security Advisory reports:
Remote exploitation of an input validation error in Clam
AntiVirus ClamAV allows attackers to cause a denial of
service condition.
The vulnerability specifically exists due to improper
behavior during exceptional conditions.
Successful exploitation allows attackers to exhaust file
descriptors pool and memory. Anti-virus detection
functionality will fail if there are no file descriptors
available with which to open files. Remote exploitation
can be achieved by sending a malicious file in an e-mail
message or during an HTTP session.
Discovery 2005-06-29 Entry 2005-07-06 clamav
< 0.86
clamav-devel
< 20050620
CVE-2005-1922
http://marc.theaimsgroup.com/?l=bugtraq&m=112006402411598
|
24b64fb0-af1d-11dd-8a16-001b1116b350 | clamav -- off-by-one heap overflow in VBA project parser
Advisory from Moritz Jodeit, November 8th, 2008:
ClamAV contains an off-by-one heap overflow vulnerability
in the code responsible for parsing VBA project files.
Successful exploitation could allow an attacker to execute
arbitrary code with the privileges of the `clamd' process by
sending an email with a prepared attachment.
A VBA project file embedded inside an OLE2 office document
sent as an attachment can trigger the off-by-one.
Entry from Thu Oct 30 13:52:42 CET 2008 (acab) in ChangeLog:
libclamav/vba_extract.c: get_unicode_name off-by-one,
bb#1239 reported by Moritz Jodeit >moritz*jodeit.org<
Discovery 2008-11-08 Entry 2008-11-10 clamav
< 0.94.1
clamav-devel
< 20081105
http://www.securityfocus.com/archive/1/498169/30/0/threaded
http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
CVE-2008-5050
|
70b62f5e-9e2e-11d9-a256-0001020eed82 | clamav -- zip handling DoS vulnerability
The clamav daemon is vulnerable to a DoS vulnerability due
to insufficient handling of malformed zip files which can
crash the clamav daemon.
Discovery 2005-01-27 Entry 2005-03-26 Modified 2005-04-09 clamav
< 0.81
clamav-devel
< 20050408
12408
CVE-2005-0133
http://sourceforge.net/project/shownotes.php?release_id=300116
|
8012a79d-5d21-11db-bb8d-00123ffe8333 | clamav -- CHM unpacker and PE rebuilding vulnerabilities
Secunia reports:
Two vulnerabilities have been reported in Clam AntiVirus, which
potentially can be exploited by malicious people to cause a DoS
(Denial of Service) or compromise a vulnerable system.
1) An unspecified error in the CHM unpacker in chmunpack.c can be
exploited to cause a DoS.
2) An unspecified error in rebuildpe.c when rebuilding PE files
after unpacking can be exploited to cause a heap-based buffer
overflow.
Discovery 2006-10-15 Entry 2006-10-16 clamav
< 0.88.5
clamav-devel
le 20060922
http://secunia.com/advisories/22370/
http://lurker.clamav.net/message/20061016.015114.dc6a8930.en.html
http://sourceforge.net/project/shownotes.php?release_id=455799
|