blob: fdbc443a41c885b3b5773a6e4ee0088fed374b27 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
source: clamav
date: November 3rd, 2005
author: Micah Anderson
vuln-type: Denial of service vulnerabilities and buffer overflow
problem-scope: remote
debian-specific: no
cve: CVE-2005-3239 CVE-2005-3500 CVE-2005-3501 CVE-2005-3303
testing-fix: 0.87.1-0etch.1
sid-fix: 0.87.1
upgrade: apt-get upgrade
Multiple security holes were found in clamav:
CVE-2005-3239
The OLE2 unpacker allows remote attackers to cause a denial of service
by sending a DOC file with an invalid property tree, triggering
an infinite recursion.
CVE-2005-3500
The tnef_attachment function in Clam AntiVirus before 0.87.1
allows remote attackers to cause a denial of service, through
an infinate loop and memory exhaustion, by crafting a CAB file
with a value that causes ClamAV to repeatedly scan the same block
CVE-2005-3501
The cabd_find function in of the libmspack library in Clam AntiVirus
before 0.87.1 allows remote attackers to cause a denial of service
via a crafted CAB file that causes cabd_find to be called with a zero
length.
CVE-2005-3303
The FSB unpacker in Clam AntiVirus 0.80 through 0.87 allows
remote attackers to cause memory corruption and execute arbitrary
code via a crafted FSG 1.33 file.
|