CVE-2005-3239
published 2005-10-14CVE-2005-3239: The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an…
PriorityP423high7.8CVSS 2.0
AVNACLAuNCNINAC
EPSS
4.48%
90.3th percentile
The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree function.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| clam_anti-virus | clamav | — | — |
| clamav | clamav | >= 0 < 0.87.1-1 | 0.87.1-1 |
| clamav | clamav | >= 0 < 0.87.1-1 | 0.87.1-1 |
| clamav | clamav | >= 0 < 0.87.1-1 | 0.87.1-1 |
| clamav | clamav | >= 0 < 0.87.1-1 | 0.87.1-1 |
| debian | clamav | < clamav 0.87.1-1 (bookworm) | clamav 0.87.1-1 (bookworm) |
CVSS provenance
nvdv2.07.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
osv7.8HIGH
vendor_debian7.8MEDIUM
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-r2v6-rqmq-hxq9: The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0
ghsa_unreviewed·2022-05-01
CVE-2005-3239 [HIGH] GHSA-r2v6-rqmq-hxq9: The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0
The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree function.
OSV
CVE-2005-3239: The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0
osv·2005-10-14·CVSS 7.8
CVE-2005-3239 [HIGH] CVE-2005-3239: The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0
The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree function.
Debian
CVE-2005-3239: clamav - The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attac...
vendor_debian·2005·CVSS 7.8
CVE-2005-3239 [HIGH] CVE-2005-3239: clamav - The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attac...
The OLE2 unpacker in clamd in Clam AntiVirus (ClamAV) 0.87-1 allows remote attackers to cause a denial of service (segmentation fault) via a DOC file with an invalid property tree, which triggers an infinite recursion in the ole2_walk_property_tree function.
Scope: local
bookworm: resolved (fixed in 0.87.1-1)
bullseye: resolved (fixed in 0.87.1-1)
forky: resolved (fixed in 0.87.1-1)
sid: resolved (fixed in 0.87.1-1)
trixie: resolved (fixed in 0.87.1-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=333566http://secunia.com/advisories/17184http://secunia.com/advisories/17448http://secunia.com/advisories/17451http://secunia.com/advisories/17501http://secunia.com/advisories/17559http://securitytracker.com/id?1015154http://sourceforge.net/project/shownotes.php?release_id=368319http://www.debian.org/security/2005/dsa-887http://www.gentoo.org/security/en/glsa/glsa-200511-04.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:205http://www.osvdb.org/20536http://www.securityfocus.com/bid/15101http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=333566http://secunia.com/advisories/17184http://secunia.com/advisories/17448http://secunia.com/advisories/17451http://secunia.com/advisories/17501http://secunia.com/advisories/17559http://securitytracker.com/id?1015154http://sourceforge.net/project/shownotes.php?release_id=368319http://www.debian.org/security/2005/dsa-887http://www.gentoo.org/security/en/glsa/glsa-200511-04.xmlhttp://www.mandriva.com/security/advisories?name=MDKSA-2005:205http://www.osvdb.org/20536http://www.securityfocus.com/bid/15101
2005-10-14
Published