Description Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under certain conditions, which allows remote attackers to cause a denial of service (file descriptor consumption and failed scans) via CAB archives with a cabinet header record length of zero, which causes a function to return without closing a file descriptor.
CVSS vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Exploitability: 3.9 | Impact: 3.6 Attack Vector: Network
Complexity: Low
Privileges: None
User Interaction: None
Scope: Unchanged
Confidentiality: None
Integrity: None
Availability: High
Affected Packages6 packages Show 1 more packages Also affects: Debian Linux 3.1
🔴 Vulnerability Details4 GHSA GHSA-q5hh-756j-4676: The chm_decompress_stream function in libclamav/chmunpack ↗ 2022-05-01 ▶ GHSA GHSA-3ppm-vmgq-rr54: Clam AntiVirus ClamAV before 0 ↗ 2022-05-01 ▶ OSV CVE-2007-1745: The chm_decompress_stream function in libclamav/chmunpack ↗ 2007-04-16 ▶ OSV CVE-2007-0897: Clam AntiVirus ClamAV before 0 ↗ 2007-02-16 ▶
📋 Vendor Advisories2 Debian CVE-2007-1745: clamav - The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (C... ↗ 2007 ▶ Debian CVE-2007-0897: clamav - Clam AntiVirus ClamAV before 0.90 does not close open file descriptors under cer... ↗ 2007 ▶
📐 Framework References3 CWE Uncontrolled Resource Consumption ↗ ▶ CWE Missing Release of Resource after Effective Lifetime ↗ ▶ CWE Missing Release of File Descriptor or Handle after Effective Lifetime ↗ ▶
💬 Community4 Bugzilla CVE-2007-1745: clamav < 0.90.2 chm unpack issue ↗ 2007-04-18 ▶ Bugzilla possible vulnerabilities CVE-2007-1745 ↗ 2007-04-17 ▶ Bugzilla 0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service ↗ 2007-02-19 ▶ Bugzilla 0.90 fixes CVE-2007-0897 (MIME Header Handling) and CVE-2007-0898 (CAB File Processing) Denials of Service ↗ 2007-02-19 ▶