CVE-2005-1923

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2005-1923

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2005-1923.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2005-1923

Downstream

DEBIAN-CVE-2005-1923

DSA-737-1

DTSA-3-1

Published

2005-07-05T04:00:00Z

Modified

2025-08-09T19:01:28Z

Summary

[none]

Details

The ENSUREBITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffileFolderOffset field set to 0xff, which causes a zero-length read.

References

http://www.debian.org/security/2005/dsa-737
http://www.idefense.com/application/poi/display?id=275&type=vulnerabilities

CVE-2005-1923

Affected packages