CVE-2005-2450: Integer Overflow
First published: Wed Aug 03 2005(Updated: )
Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ClamXAV | =0.85 | |
| ClamXAV | =0.85.1 | |
| ClamXAV | =0.86 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://sourceforge.net/project/shownotes.php?release_id=344514
- http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000987
- http://security.gentoo.org/glsa/glsa-200507-25.xml
- http://www.securityfocus.com/bid/14359
- http://www.osvdb.org/18257
- http://www.osvdb.org/18258
- http://www.osvdb.org/18259
- http://secunia.com/advisories/16180
- http://secunia.com/advisories/16229
- http://secunia.com/advisories/16250
- http://secunia.com/advisories/16296
- http://secunia.com/advisories/16458
- http://www.novell.com/linux/security/advisories/2005_18_sr.html
- http://marc.info/?l=bugtraq&m=112230864412932&w=2
- https://exchange.xforce.ibmcloud.com/vulnerabilities/21555
Frequently Asked Questions
What is the severity of CVE-2005-2450?
CVE-2005-2450 has a high severity rating due to the potential for remote code execution and privilege escalation.
How do I fix CVE-2005-2450?
To fix CVE-2005-2450, update ClamAV to version 0.86.1 or later, which addresses the identified vulnerabilities.
What software versions are affected by CVE-2005-2450?
CVE-2005-2450 affects ClamAV versions 0.85, 0.85.1, and 0.86.
Can CVE-2005-2450 be exploited remotely?
Yes, CVE-2005-2450 can be exploited remotely through specially crafted email messages.
What type of vulnerability is CVE-2005-2450?
CVE-2005-2450 is categorized as an integer overflow vulnerability, which can lead to memory corruption.
- agent/first-publish-date
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/weakness
- agent/last-modified-date
- agent/author
- agent/references
- agent/severity
- agent/event
- agent/description
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/clam anti-virus
- product/clamav
- canonical/clam anti-virus clamav
- canonical/clamxav
- version/clamxav/0.85
- version/clamxav/0.85.1
- version/clamxav/0.86