5

CVE-2009-1371

The CLI_ISCONTAINED macro in libclamav/others.h in ClamAV before 0.95.1 allows remote attackers to cause a denial of service (application crash) via a malformed file with UPack encoding.

Data is provided by the National Vulnerability Database (NVD)
ClamavClamav Version <= 0.95
ClamavClamav Version0.01
ClamavClamav Version0.02
ClamavClamav Version0.3
ClamavClamav Version0.03
ClamavClamav Version0.05
ClamavClamav Version0.8_ Updaterc3
ClamavClamav Version0.9_rc1
ClamavClamav Version0.10
ClamavClamav Version0.12
ClamavClamav Version0.13
ClamavClamav Version0.14 Updatepre
ClamavClamav Version0.15
ClamavClamav Version0.20
ClamavClamav Version0.21
ClamavClamav Version0.22
ClamavClamav Version0.23
ClamavClamav Version0.24
ClamavClamav Version0.51
ClamavClamav Version0.52
ClamavClamav Version0.53
ClamavClamav Version0.54
ClamavClamav Version0.60
ClamavClamav Version0.60p
ClamavClamav Version0.65
ClamavClamav Version0.66
ClamavClamav Version0.67
ClamavClamav Version0.67-1
ClamavClamav Version0.68
ClamavClamav Version0.68.1
ClamavClamav Version0.70
ClamavClamav Version0.70 Updaterc
ClamavClamav Version0.71
ClamavClamav Version0.72
ClamavClamav Version0.73
ClamavClamav Version0.74
ClamavClamav Version0.75
ClamavClamav Version0.75.1
ClamavClamav Version0.80
ClamavClamav Version0.80 Updaterc4
ClamavClamav Version0.80_rc
ClamavClamav Version0.80_rc1
ClamavClamav Version0.80_rc2
ClamavClamav Version0.80_rc3
ClamavClamav Version0.81
ClamavClamav Version0.81_rc1
ClamavClamav Version0.82
ClamavClamav Version0.83
ClamavClamav Version0.84
ClamavClamav Version0.84_rc1
ClamavClamav Version0.84_rc2
ClamavClamav Version0.85
ClamavClamav Version0.85.1
ClamavClamav Version0.86
ClamavClamav Version0.86.1
ClamavClamav Version0.86.2
ClamavClamav Version0.86_rc1
ClamavClamav Version0.87
ClamavClamav Version0.87.1
ClamavClamav Version0.88
ClamavClamav Version0.88.1
ClamavClamav Version0.88.2
ClamavClamav Version0.88.3
ClamavClamav Version0.88.4
ClamavClamav Version0.88.5
ClamavClamav Version0.88.6
ClamavClamav Version0.88.7
ClamavClamav Version0.88.7_p0
ClamavClamav Version0.88.7_p1
ClamavClamav Version0.90
ClamavClamav Version0.90.1
ClamavClamav Version0.90.1_p0
ClamavClamav Version0.90.2
ClamavClamav Version0.90.2_p0
ClamavClamav Version0.90.3
ClamavClamav Version0.90.3_p0
ClamavClamav Version0.90.3_p1
ClamavClamav Version0.90_rc1
ClamavClamav Version0.90_rc1.1
ClamavClamav Version0.90_rc2
ClamavClamav Version0.90_rc3
ClamavClamav Version0.91
ClamavClamav Version0.91.1
ClamavClamav Version0.91.2
ClamavClamav Version0.91.2_p0
ClamavClamav Version0.91_rc1
ClamavClamav Version0.91_rc2
ClamavClamav Version0.92
ClamavClamav Version0.92.1
ClamavClamav Version0.92_p0
ClamavClamav Version0.93
ClamavClamav Version0.93.1
ClamavClamav Version0.93.2
ClamavClamav Version0.93.3
ClamavClamav Version0.94
ClamavClamav Version0.94.1
ClamavClamav Version0.94.2
ClamavClamav Version0.95 Updatesrc1
ClamavClamav Version0.95 Updatesrc2
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 15.07% 0.944
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.