
CVE-2005-1923

Published: 05/07/2005 Updated: 05/09/2008
CVSS v2 Base Score: 2.6 | Impact Score: 2.9 | Exploitability Score: 4.9
VMScore: 231
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P

Vulnerability Summary

The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions before 0.86, allows remote malicious users to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.

Vulnerable Product

clam anti-virus clamav 0.83

clam anti-virus clamav 0.84_rc2

clam anti-virus clamav 0.85.1

clam anti-virus clamav 0.84_rc1

clam anti-virus clamav 0.85

Vendor Advisories

A number of potential remote denial of service vulnerabilities have been identified in ClamAV. In addition to the four issues identified by CVE ID above, there are fixes for issues in libclamav/cvd.c and libclamav/message.c. Together, these issues could allow a carefully crafted message to crash a ClamAV scanner or exhaust various resources on the ...