CVE-2005-2920Improper Restriction of Operations within the Bounds of a Memory Buffer in Anti-virus Clamav

5 documents5 sources
Severity
7.5HIGHNVD
EPSS
14.2%
top 5.60%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ClamavClam Anti-virus Clamav
Timeline
PublishedSep 20
Latest updateMay 1

Description

Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows remote attackers to execute arbitrary code via a crafted UPX packed executable.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

Debianclamav/clamav< 0.87-1+3
NVDclam_anti-virus/clamav17 versions+16

Patches

Patch: sourceforge.netPatch: www.gentoo.orgPatch: sourceforge.net

🔴Vulnerability Details

3
GHSA
GHSA-gqh2-5g96-mr4j: Buffer overflow in libclamav/upx2022-05-01
OSV
CVE-2005-2920: Buffer overflow in libclamav/upx2005-09-20
CVEList
CVE-2005-2920: Buffer overflow in libclamav/upx2005-09-20

📋Vendor Advisories

1
Debian
CVE-2005-2920: clamav - Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before 0.87 allows...2005
CVE-2005-2920 — Clam Anti-virus Clamav vulnerability | cvebase