cbcvebase.
CVE-2005-1923
published 2005-07-05

Priority: P4 / 11 / low
CVSS 2.0: 2.6
Vector: AV:N/AC:H/Au:N/C:N/I:N/A:P
EPSS: 1.62% (73.0th percentile)

The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions before 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.

Affected

10 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clam_anti-virus | clamav | | |
| clam_anti-virus | clamav | | |
| clam_anti-virus | clamav | | |
| clam_anti-virus | clamav | | |
| clam_anti-virus | clamav | | |
| clamav | clamav | >= 0 < 0.86.1 | 0.86.1 |
| clamav | clamav | >= 0 < 0.86.1 | 0.86.1 |
| clamav | clamav | >= 0 < 0.86.1 | 0.86.1 |
| clamav | clamav | >= 0 < 0.86.1 | 0.86.1 |
| debian | clamav | < clamav 0.86.1 (bookworm) | clamav 0.86.1 (bookworm) |

CVSS provenance

| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 2.6 | LOW | AV:N/AC:H/Au:N/C:N/I:N/A:P |
| osv | | 2.6 | LOW | |
| vendor_debian | | 2.6 | MEDIUM | |