CVE-2005-2450

NameCVE-2005-2450
DescriptionMultiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message.
SourceCVE (at NVD; LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SuSE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-776-1, DTSA-3-1
NVD severityhigh (attack range: remote)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
clamav (PTS)wheezy0.99+dfsg-0+deb7u2fixed
jessie0.99+dfsg-0+deb8u2fixed
stretch, sid0.99.2+dfsg-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
clamavsource(unstable)0.86.2-1medium
clamavsourceetch0.86.2-4etch1highDTSA-3-1
clamavsourcesarge0.84-2.sarge.2mediumDSA-776-1

Search for package or bug name: Reporting problems