CVE-2005-3239 — Anti-virus Clamav vulnerability

5 documents5 sources

Severity

7.8HIGHNVD

EPSS

4.6%

top 10.75%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Clam Anti-virus Clamav

Timeline

PublishedOct 14

Latest updateMay 1

Description

The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree function.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages2 packages

▶Debianclamav/clamav< 0.87.1-1+3

▶NVDclam_anti-virus/clamav.

🔴Vulnerability Details

GHSA

GHSA-r2v6-rqmq-hxq9: The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0↗2022-05-01

▶

OSV

CVE-2005-3239: The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0↗2005-10-14

▶

CVEList

CVE-2005-3239: The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0↗2005-10-14

▶

📋Vendor Advisories

Debian

CVE-2005-3239: clamav - The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attac...↗2005

▶