Skip to main content

Clamav

56 CVEs product

Monthly

CVE-2026-20244 HIGH PATCH This Week

Denial of service in ClamAV's DMG file format parser allows a remote, unauthenticated attacker to crash the scanning engine by submitting a crafted Apple Disk Image (DMG) for inspection. The flaw stems from an integer overflow triggered during boundary checks on DMG content and manifests only on 32-bit builds of ClamAV; memory corruption raises the theoretical possibility of expanded impact beyond a crash, though only DoS is described. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Buffer Overflow Secure Endpoint Clamav Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-20243 HIGH PATCH This Week

Denial of service in ClamAV's ALZ archive parser allows an unauthenticated, remote attacker to crash the scanning engine by submitting a crafted ALZ file, with the vendor noting possible expanded impact beyond DoS. The flaw is a heap out-of-bounds write triggered during scanning, and because ClamAV is commonly deployed as an automated mail/upload gateway scanner, an attacker only needs to get a malicious file scanned. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Buffer Overflow Secure Endpoint Clamav Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-20217 HIGH PATCH This Week

Availability-impacting out-of-bounds write in ClamAV's PESpin file-format parser lets an unauthenticated remote attacker crash the scanning engine by submitting a crafted PESpin-packed file for scanning. Because ClamAV frequently sits inline on mail gateways, file-upload paths, and proxies, a single malicious sample can terminate the scanning process and produce a denial of service; the memory corruption may permit expanded impact beyond DoS though only crash impact is confirmed. There is no public exploit identified at time of analysis and it is not on CISA KEV, with EPSS not provided.

Buffer Overflow Secure Endpoint Clamav Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2026-20216 HIGH PATCH This Week

Denial of service in ClamAV's InstallShield file format parser allows a remote, unauthenticated attacker (per CVSS PR:N) to crash the scanning engine and temporarily exhaust system resources by submitting a specially crafted InstallShield file for scanning. The flaw stems from improper handling of temporary resources during file scanning (CWE-770), impacting availability only (C:N/I:N/A:H) with no code execution or data exposure. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network attack vector and low complexity make it easy to trigger anywhere ClamAV automatically scans attacker-supplied files.

Denial Of Service Secure Endpoint Clamav Red Hat Suse
NVD VulDB
CVSS 3.1
7.5
EPSS
0.4%
CVE-2025-20260 CRITICAL PATCH Act Now

A remote code execution vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

Buffer Overflow RCE Denial Of Service Clamav Suse
NVD
CVSS 3.1
9.8
EPSS
0.6%
CVE-2025-20234 MEDIUM PATCH This Month

A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the .

Buffer Overflow Information Disclosure Denial Of Service Ubuntu Debian +4
NVD
CVSS 3.1
5.3
EPSS
0.3%
CVE-2025-20128 MEDIUM PATCH This Month

A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Cisco Buffer Overflow Denial Of Service Clamav +3
NVD
CVSS 3.1
5.3
EPSS
1.6%
CVE-2024-20380 HIGH This Week

A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav
NVD
CVSS 3.1
7.5
EPSS
1.1%
CVE-2023-20052 MEDIUM This Month

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Secure Endpoint Secure Endpoint Private Cloud Clamav Stormshield Network Security
NVD
CVSS 3.1
5.3
EPSS
7.0%
CVE-2023-20032 CRITICAL Act Now

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service Secure Endpoint Secure Endpoint Private Cloud +3
NVD
CVSS 3.1
9.8
EPSS
29.3%
CVE-2022-20792 HIGH This Week

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Buffer Overflow Clamav
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-20796 MEDIUM This Month

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint Fedora Debian Linux
NVD
CVSS 3.1
5.5
EPSS
0.4%
CVE-2022-20785 HIGH This Week

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
6.6%
CVE-2022-20771 HIGH This Week

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
5.5%
CVE-2022-20770 HIGH This Week

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint Fedora Debian Linux
NVD
CVSS 3.1
7.5
EPSS
6.6%
CVE-2021-1405 HIGH This Week

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Clamav Debian Linux
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2021-1404 HIGH This Week

A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2021-1252 HIGH This Week

A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2021-1386 HIGH This Week

A vulnerability in the dynamic link library (DLL) loading mechanism in Cisco Advanced Malware Protection (AMP) for Endpoints Windows Connector, ClamAV for Windows, and Immunet could allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE Advanced Malware Protection For Endpoints Clamav +1
NVD
CVSS 3.1
7.8
EPSS
0.3%
CVE-2021-27506 MEDIUM This Month

The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Netasq Stormshield Network Security Clamav
NVD
CVSS 3.1
5.5
EPSS
1.3%
CVE-2020-3481 HIGH This Week

A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Clamav Ubuntu Linux Debian Linux +1
NVD
CVSS 3.1
7.5
EPSS
3.2%
CVE-2020-3123 HIGH This Week

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure Clamav Ubuntu Linux
NVD
CVSS 3.1
7.5
EPSS
2.6%
CVE-2019-1789 HIGH This Week

ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Clamav
NVD
CVSS 3.1
7.5
EPSS
1.5%
CVE-2019-12625 HIGH This Week

ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav
NVD
CVSS 3.1
7.5
EPSS
2.2%
CVE-2019-1798 MEDIUM POC This Month

A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Clamav
NVD
CVSS 3.1
5.5
EPSS
1.1%
CVE-2019-1788 MEDIUM POC This Month

A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Clamav Leap Debian Linux
NVD
CVSS 3.1
5.5
EPSS
1.8%
CVE-2019-1787 MEDIUM POC This Month

A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Clamav Debian Linux Leap
NVD
CVSS 3.1
5.5
EPSS
1.7%
CVE-2019-1786 MEDIUM This Month

A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Clamav
NVD
CVSS 3.1
5.5
EPSS
1.5%
CVE-2019-1785 HIGH This Week

A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav
NVD
CVSS 3.1
7.8
EPSS
1.8%
CVE-2018-15378 MEDIUM PATCH This Month

A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Clamav Debian Linux +1
NVD
CVSS 3.0
5.5
EPSS
1.3%
CVE-2018-0361 LOW Monitor

ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Clamav Debian Linux
NVD
CVSS 3.0
3.3
EPSS
1.6%
CVE-2018-0360 MEDIUM This Month

ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Clamav Ubuntu Linux Debian Linux
NVD
CVSS 3.0
5.5
EPSS
1.7%
CVE-2018-0202 MEDIUM PATCH This Month

clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow Cisco Clamav +2
NVD
CVSS 3.0
5.5
EPSS
2.7%
CVE-2018-1000085 MEDIUM PATCH This Month

ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Clamav Debian Linux Ubuntu Linux
NVD GitHub
CVSS 3.0
5.5
EPSS
1.7%
CVE-2017-6420 MEDIUM PATCH This Month

The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free Clamav
NVD GitHub
CVSS 3.0
5.5
EPSS
0.3%
CVE-2017-6418 MEDIUM PATCH This Month

libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure Clamav
NVD GitHub
CVSS 3.0
5.5
EPSS
0.4%
CVE-2016-1372 MEDIUM POC This Month

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Clamav Ubuntu Linux
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2016-1371 MEDIUM POC This Month

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Ubuntu Linux Clamav
NVD
CVSS 3.0
5.5
EPSS
0.5%
CVE-2016-1405 HIGH This Week

libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow Clamav Email Security Appliance +1
NVD GitHub
CVSS 3.0
7.5
EPSS
1.8%
CVE-2015-2668 MEDIUM PATCH This Month

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Clamav Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-2222 MEDIUM PATCH This Month

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Ubuntu Linux Clamav
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-2221 MEDIUM PATCH This Month

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Clamav Ubuntu Linux
NVD
CVSS 2.0
5.0
EPSS
0.9%
CVE-2015-2170 MEDIUM PATCH This Month

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Ubuntu Linux Clamav
NVD
CVSS 2.0
5.0
EPSS
0.8%
CVE-2015-1463 MEDIUM This Month

ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization.". Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Clamav Fedora
NVD
CVSS 2.0
5.0
EPSS
1.6%
CVE-2015-1462 HIGH This Week

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Fedora Clamav
NVD
CVSS 2.0
7.5
EPSS
2.4%
CVE-2015-1461 HIGH This Week

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Fedora Clamav
NVD
CVSS 2.0
7.5
EPSS
2.4%
CVE-2014-9328 HIGH Act Now

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.9% and no vendor patch available.

Buffer Overflow Fedora Clamav
NVD
CVSS 2.0
7.5
EPSS
11.9%
CVE-2014-9050 MEDIUM POC PATCH This Month

Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Clamav
NVD GitHub
CVSS 2.0
5.0
EPSS
6.9%
CVE-2013-6497 LOW PATCH Monitor

clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Clamav
NVD
CVSS 2.0
2.1
EPSS
0.4%
CVE-2013-2021 MEDIUM This Month

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Ubuntu Linux Linux Enterprise Server Clamav
NVD GitHub
CVSS 2.0
4.3
EPSS
8.7%
CVE-2013-2020 MEDIUM PATCH This Month

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Ubuntu Linux Linux Enterprise Server Clamav
NVD GitHub
CVSS 2.0
5.0
EPSS
7.7%
CVE-2012-1459 MEDIUM This Month

The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 79.5% and no vendor patch available.

Privilege Escalation Fortinet Microsoft V3 Internet Security Avast Antivirus +33
NVD
CVSS 2.0
4.3
EPSS
79.5%
CVE-2012-1458 MEDIUM This Month

The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Microsoft Clamav Sophos Anti Virus
NVD
CVSS 2.0
4.3
EPSS
8.1%
CVE-2012-1457 MEDIUM This Month

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 50.8% and no vendor patch available.

Privilege Escalation Microsoft Esafe Avast Antivirus Vba32 +25
NVD
CVSS 2.0
4.3
EPSS
50.8%
CVE-2012-1443 MEDIUM This Month

The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 50.2% and no vendor patch available.

Privilege Escalation Fortinet Microsoft V3 Internet Security Esafe +34
NVD
CVSS 2.0
4.3
EPSS
50.2%
CVE-2012-1419 MEDIUM This Month

The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Quick Heal Clamav
NVD
CVSS 2.0
4.3
EPSS
0.8%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in ClamAV's DMG file format parser allows a remote, unauthenticated attacker to crash the scanning engine by submitting a crafted Apple Disk Image (DMG) for inspection. The flaw stems from an integer overflow triggered during boundary checks on DMG content and manifests only on 32-bit builds of ClamAV; memory corruption raises the theoretical possibility of expanded impact beyond a crash, though only DoS is described. There is no public exploit identified at time of analysis, and it is not listed in CISA KEV.

Buffer Overflow Secure Endpoint Clamav +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in ClamAV's ALZ archive parser allows an unauthenticated, remote attacker to crash the scanning engine by submitting a crafted ALZ file, with the vendor noting possible expanded impact beyond DoS. The flaw is a heap out-of-bounds write triggered during scanning, and because ClamAV is commonly deployed as an automated mail/upload gateway scanner, an attacker only needs to get a malicious file scanned. No public exploit identified at time of analysis, and the vulnerability is not listed in CISA KEV.

Buffer Overflow Secure Endpoint Clamav +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Availability-impacting out-of-bounds write in ClamAV's PESpin file-format parser lets an unauthenticated remote attacker crash the scanning engine by submitting a crafted PESpin-packed file for scanning. Because ClamAV frequently sits inline on mail gateways, file-upload paths, and proxies, a single malicious sample can terminate the scanning process and produce a denial of service; the memory corruption may permit expanded impact beyond DoS though only crash impact is confirmed. There is no public exploit identified at time of analysis and it is not on CISA KEV, with EPSS not provided.

Buffer Overflow Secure Endpoint Clamav +2
NVD VulDB
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in ClamAV's InstallShield file format parser allows a remote, unauthenticated attacker (per CVSS PR:N) to crash the scanning engine and temporarily exhaust system resources by submitting a specially crafted InstallShield file for scanning. The flaw stems from improper handling of temporary resources during file scanning (CWE-770), impacting availability only (C:N/I:N/A:H) with no code execution or data exposure. There is no public exploit identified at time of analysis and it is not listed in CISA KEV, but the network attack vector and low complexity make it easy to trigger anywhere ClamAV automatically scans attacker-supplied files.

Denial Of Service Secure Endpoint Clamav +2
NVD VulDB
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A remote code execution vulnerability in the PDF scanning processes of ClamAV could allow an unauthenticated (CVSS 9.8). Critical severity with potential for significant impact on affected systems.

Buffer Overflow RCE Denial Of Service +2
NVD
EPSS 0% CVSS 5.3
MEDIUM PATCH This Month

A vulnerability in Universal Disk Format (UDF) processing of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. This vulnerability is due to a memory overread during UDF file scanning. An attacker could exploit this vulnerability by submitting a crafted file containing UDF content to be scanned by ClamAV on an affected device. A successful exploit could allow the attacker to terminate the ClamAV scanning process, resulting in a DoS condition on the affected software. For a description of this vulnerability, see the .

Buffer Overflow Information Disclosure Denial Of Service +6
NVD
EPSS 2% CVSS 5.3
MEDIUM PATCH This Month

A vulnerability in the Object Linking and Embedding 2 (OLE2) decryption routine of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Heap Overflow Cisco Buffer Overflow +5
NVD
EPSS 1% CVSS 7.5
HIGH This Week

A vulnerability in the HTML parser of ClamAV could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav
NVD
EPSS 7% CVSS 5.3
MEDIUM This Month

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the DMG file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier, and. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

XXE Secure Endpoint Secure Endpoint Private Cloud +2
NVD
EPSS 29% CVSS 9.8
CRITICAL Act Now

On Feb 15, 2023, the following vulnerability in the ClamAV scanning library was disclosed: A vulnerability in the HFS+ partition file parser of ClamAV versions 1.0.0 and earlier, 0.105.1 and earlier,. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow RCE Denial Of Service +5
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the regex module used by the signature database load module of Clam AntiVirus (ClamAV) versions 0.104.0 through 0.104.2 and LTS version 0.103.5 and prior versions could allow an. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

RCE Information Disclosure Buffer Overflow +1
NVD
EPSS 0% CVSS 5.5
MEDIUM This Month

On May 4, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in Clam AntiVirus (ClamAV) versions. Rated medium severity (CVSS 5.5), this vulnerability is low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint +2
NVD
EPSS 7% CVSS 7.5
HIGH This Week

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in HTML file parser of Clam AntiVirus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint +2
NVD
EPSS 5% CVSS 7.5
HIGH This Week

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in the TIFF file parser of Clam. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint +2
NVD
EPSS 7% CVSS 7.5
HIGH This Week

On April 20, 2022, the following vulnerability in the ClamAV scanning library versions 0.103.5 and earlier and 0.104.2 and earlier was disclosed: A vulnerability in CHM file parser of Clam AntiVirus. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav Secure Endpoint +2
NVD
EPSS 3% CVSS 7.5
HIGH This Week

A vulnerability in the email parsing module in Clam AntiVirus (ClamAV) Software version 0.103.1 and all prior versions could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Clamav +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

A vulnerability in the PDF parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service condition on an. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav
NVD
EPSS 3% CVSS 7.5
HIGH This Week

A vulnerability in the Excel XLM macro parsing module in Clam AntiVirus (ClamAV) Software versions 0.103.0 and 0.103.1 could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav
NVD
EPSS 0% CVSS 7.8
HIGH This Week

A vulnerability in the dynamic link library (DLL) loading mechanism in Cisco Advanced Malware Protection (AMP) for Endpoints Windows Connector, ClamAV for Windows, and Immunet could allow an. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Cisco Microsoft RCE +3
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

The ClamAV Engine (version 0.103.1 and below) component embedded in Storsmshield Network Security (SNS) is subject to DoS in case of parsing of malformed png files. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Netasq Stormshield Network Security +1
NVD
EPSS 3% CVSS 7.5
HIGH This Week

A vulnerability in the EGG archive parsing module in Clam AntiVirus (ClamAV) Software versions 0.102.0 - 0.102.3 could allow an unauthenticated, remote attacker to cause a denial of service condition. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Null Pointer Dereference Denial Of Service Clamav +3
NVD
EPSS 3% CVSS 7.5
HIGH This Week

A vulnerability in the Data-Loss-Prevention (DLP) module in Clam AntiVirus (ClamAV) Software versions 0.102.1 and 0.102.0 could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Buffer Overflow Denial Of Service Information Disclosure +2
NVD
EPSS 1% CVSS 7.5
HIGH This Week

ClamAV versions prior to 0.101.2 are susceptible to a denial of service (DoS) vulnerability. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Microsoft Clamav
NVD
EPSS 2% CVSS 7.5
HIGH This Week

ClamAV versions prior to 0.101.3 are susceptible to a zip bomb vulnerability where an unauthenticated attacker can cause a denial of service condition by sending crafted messages to an affected. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

A vulnerability in the Portable Executable (PE) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Clamav
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A vulnerability in the Object Linking & Embedding (OLE2) file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Clamav +2
NVD
EPSS 2% CVSS 5.5
MEDIUM POC This Month

A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and prior could allow an unauthenticated, remote attacker to cause a. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Buffer Overflow Clamav +2
NVD
EPSS 1% CVSS 5.5
MEDIUM This Month

A vulnerability in the Portable Document Format (PDF) scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Buffer Overflow Clamav
NVD
EPSS 2% CVSS 7.8
HIGH This Week

A vulnerability in the RAR file scanning functionality of Clam AntiVirus (ClamAV) Software versions 0.101.1 and 0.101.0 could allow an unauthenticated, remote attacker to cause a denial of service. Rated high severity (CVSS 7.8), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Clamav
NVD
EPSS 1% CVSS 5.5
MEDIUM PATCH This Month

A vulnerability in ClamAV versions prior to 0.100.2 could allow an attacker to cause a denial of service (DoS) condition. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow +3
NVD
EPSS 2% CVSS 3.3
LOW Monitor

ClamAV before 0.100.1 lacks a PDF object length check, resulting in an unreasonably long time to parse a relatively small file. Rated low severity (CVSS 3.3), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Information Disclosure Clamav Debian Linux
NVD
EPSS 2% CVSS 5.5
MEDIUM This Month

ClamAV before 0.100.1 has an HWP integer overflow with a resultant infinite loop via a crafted Hangul Word Processor file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

Integer Overflow Denial Of Service Clamav +2
NVD
EPSS 3% CVSS 5.5
MEDIUM PATCH This Month

clamscan in ClamAV before 0.99.4 contains a vulnerability that could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Denial Of Service Buffer Overflow +4
NVD
EPSS 2% CVSS 5.5
MEDIUM PATCH This Month

ClamAV version version 0.99.3 contains a Out of bounds heap memory read vulnerability in XAR parser, function xar_hash_check() that can result in Leaking of memory, may help in developing exploit. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Clamav +2
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

The wwunpack function in libclamav/wwunpack.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (use-after-free) via a crafted PE file with WWPack compression. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. This Use After Free vulnerability could allow attackers to access freed memory to execute arbitrary code or crash the application.

Denial Of Service Memory Corruption Use After Free +1
NVD GitHub
EPSS 0% CVSS 5.5
MEDIUM PATCH This Month

libclamav/message.c in ClamAV 0.99.2 allows remote attackers to cause a denial of service (out-of-bounds read) via a crafted e-mail message. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity.

Buffer Overflow Denial Of Service Information Disclosure +1
NVD GitHub
EPSS 1% CVSS 5.5
MEDIUM POC This Month

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted 7z file. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Clamav +1
NVD
EPSS 1% CVSS 5.5
MEDIUM POC This Month

ClamAV (aka Clam AntiVirus) before 0.99.2 allows remote attackers to cause a denial of service (application crash) via a crafted mew packer executable. Rated medium severity (CVSS 5.5), this vulnerability is no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Denial Of Service Authentication Bypass Ubuntu Linux +1
NVD
EPSS 2% CVSS 7.5
HIGH This Week

libclamav in ClamAV (aka Clam AntiVirus), as used in Advanced Malware Protection (AMP) on Cisco Email Security Appliance (ESA) devices before 9.7.0-125 and Web Security Appliance (WSA) devices before. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Denial Of Service Cisco Buffer Overflow +3
NVD GitHub
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted xz archive file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Clamav Ubuntu Linux
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted petite packed file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Ubuntu Linux Clamav
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

ClamAV before 0.98.7 allows remote attackers to cause a denial of service (infinite loop) via a crafted y0da cryptor file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Clamav Ubuntu Linux
NVD
EPSS 1% CVSS 5.0
MEDIUM PATCH This Month

The upx decoder in ClamAV before 0.98.7 allows remote attackers to cause a denial of service (crash) via a crafted file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Denial Of Service Ubuntu Linux Clamav
NVD
EPSS 2% CVSS 5.0
MEDIUM This Month

ClamAV before 0.98.6 allows remote attackers to cause a denial of service (crash) via a crafted petite packer file, related to an "incorrect compiler optimization.". Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Denial Of Service Clamav Fedora
NVD
EPSS 2% CVSS 7.5
HIGH This Week

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upx packer file, related to a "heap out of bounds condition.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Fedora Clamav
NVD
EPSS 2% CVSS 7.5
HIGH This Week

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted (1) Yoda's crypter or (2) mew packer file, related to a "heap out of bounds condition.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Buffer Overflow Fedora Clamav
NVD
EPSS 12% CVSS 7.5
HIGH Act Now

ClamAV before 0.98.6 allows remote attackers to have unspecified impact via a crafted upack packer file, related to a "heap out of bounds condition.". Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, low attack complexity. Epss exploitation probability 11.9% and no vendor patch available.

Buffer Overflow Fedora Clamav
NVD
EPSS 7% CVSS 5.0
MEDIUM POC PATCH This Month

Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

Denial Of Service Buffer Overflow Clamav
NVD GitHub
EPSS 0% CVSS 2.1
LOW PATCH Monitor

clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file. Rated low severity (CVSS 2.1), this vulnerability is low attack complexity.

Denial Of Service Clamav
NVD
EPSS 9% CVSS 4.3
MEDIUM This Month

pdf.c in ClamAV 0.97.1 through 0.97.7 allows remote attackers to cause a denial of service (out-of-bounds-read) via a crafted length value in an encrypted PDF file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Buffer Overflow Denial Of Service Ubuntu Linux +2
NVD GitHub
EPSS 8% CVSS 5.0
MEDIUM PATCH This Month

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in. Rated medium severity (CVSS 5.0), this vulnerability is remotely exploitable, low attack complexity.

Buffer Overflow Denial Of Service Ubuntu Linux +2
NVD GitHub
EPSS 80% CVSS 4.3
MEDIUM This Month

The TAR file parser in AhnLab V3 Internet Security 2011.01.18.00, Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 79.5% and no vendor patch available.

Privilege Escalation Fortinet Microsoft +35
NVD
EPSS 8% CVSS 4.3
MEDIUM This Month

The Microsoft CHM file parser in ClamAV 0.96.4 and Sophos Anti-Virus 4.61.0 allows remote attackers to bypass malware detection via a crafted reset interval in the LZXC header of a CHM file. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Microsoft Clamav +1
NVD
EPSS 51% CVSS 4.3
MEDIUM This Month

The TAR file parser in Avira AntiVir 7.11.1.163, Antiy Labs AVL SDK 2.0.3.7, avast!. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 50.8% and no vendor patch available.

Privilege Escalation Microsoft Esafe +27
NVD
EPSS 50% CVSS 4.3
MEDIUM This Month

The RAR file parser in ClamAV 0.96.4, Rising Antivirus 22.83.00.03, Quick Heal (aka Cat QuickHeal) 11.00, G Data AntiVirus 21, AVEngine 20101.3.0.103 in Symantec Endpoint Protection 11, Command. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. Epss exploitation probability 50.2% and no vendor patch available.

Privilege Escalation Fortinet Microsoft +36
NVD
EPSS 1% CVSS 4.3
MEDIUM This Month

The TAR file parser in ClamAV 0.96.4 and Quick Heal (aka Cat QuickHeal) 11.00 allows remote attackers to bypass malware detection via a POSIX TAR file with an initial [aliases] character sequence. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.

Privilege Escalation Quick Heal Clamav
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy