The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions before 0.86, allows remote malicious users to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.
Vulnerable Product |
---|
clam anti-virus clamav 0.83 |
clam anti-virus clamav 0.84_rc2 |
clam anti-virus clamav 0.85.1 |
clam anti-virus clamav 0.84_rc1 |
clam anti-virus clamav 0.85 |
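
The failure mode described above, a bit-refill loop that makes no progress when the underlying read returns zero bytes, shown beside a checked form. This is an added illustration, not ClamAV's mszipd.c code: `struct bitsrc`, `src_read`, `ensure_bits_naive`, `ensure_bits_checked` and the `max_spins` guard are all hypothetical names, and the zero-length read is modelled as an empty input stream.

```c
#include <stddef.h>
#include <string.h>

/* Constructed stand-in for a decompressor input stream (hypothetical). */
struct bitsrc {
    const unsigned char *data; /* backing bytes */
    size_t len, pos;           /* total length and read cursor */
    unsigned char buf[16];     /* refill buffer */
    size_t have, off;          /* bytes in buf, next byte to consume */
    unsigned long bits;        /* bit accumulator, filled LSB first */
    int nbits;                 /* valid bits in the accumulator */
};

/* Refill buf from the stream; returns bytes read (0 when none remain). */
static size_t src_read(struct bitsrc *s) {
    size_t n = s->len - s->pos;
    if (n > sizeof s->buf) n = sizeof s->buf;
    memcpy(s->buf, s->data + s->pos, n);
    s->pos += n; s->have = n; s->off = 0;
    return n;
}

/* Naive refill: a zero-length read adds no bits, so the loop condition
 * never changes. max_spins exists only so this demonstration terminates.
 * Returns 0 on success, -2 when the spin limit is reached. */
int ensure_bits_naive(struct bitsrc *s, int need, long max_spins) {
    while (s->nbits < need) {
        if (max_spins-- <= 0) return -2;   /* unguarded code spins forever */
        if (s->off >= s->have) { src_read(s); continue; }
        s->bits |= (unsigned long)s->buf[s->off++] << s->nbits;
        s->nbits += 8;
    }
    return 0;
}

/* Checked refill: a zero-length read is a hard error, not a retry. */
int ensure_bits_checked(struct bitsrc *s, int need) {
    while (s->nbits < need) {
        if (s->off >= s->have && src_read(s) == 0)
            return -1;                     /* truncated input or bad offset */
        s->bits |= (unsigned long)s->buf[s->off++] << s->nbits;
        s->nbits += 8;
    }
    return 0;
}
```
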