CVE-2005-1923

Publication date 5 July 2005

Last updated 24 July 2024

Ubuntu priority

The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, and other versions vefore 0.86, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a cabinet (CAB) file with the cffile_FolderOffset field set to 0xff, which causes a zero-length read.

Status

Show unmaintained releases

No maintained releases are affected by this CVE.

Package	Ubuntu Release	Status
clamav	7.04 feisty	Fixed 0.90.2-0ubuntu1.3
	6.10 edgy	Fixed 0.88.4-1ubuntu2.1
	6.06 LTS dapper	Fixed 0.88.2-1ubuntu1.3

How can I get the fixes?
What do statuses mean?

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2005-1923