CVE-2005-2450

NameCVE-2005-2450
DescriptionMultiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-776-1, DTSA-3-1
NVD severityhigh (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
clamav (PTS)jessie0.100.0+dfsg-0+deb8u1fixed
jessie (security)0.100.1+dfsg-0+deb8u1fixed
stretch0.100.0+dfsg-0+deb9u2fixed
buster, sid0.100.1+dfsg-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
clamavsource(unstable)0.86.2-1medium
clamavsourceetch0.86.2-4etch1highDTSA-3-1
clamavsourcesarge0.84-2.sarge.2mediumDSA-776-1

Search for package or bug name: Reporting problems