CVE-2005-2450
clamav - integer overflows, infinite loop
EPSS 3.6%
Description
Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file format processors in libclamav for Clam AntiVirus (ClamAV) 0.86.1 and earlier allow remote attackers to gain privileges via a crafted e-mail message.
How to fix CVE-2005-2450
To remediate CVE-2005-2450, upgrade the affected package to one of the fixed versions listed below.
- Debian/clamav: upgrade to 0.86.2-1 or later
- Debian/clamav: upgrade to 0.84-2.sarge.2 or later
Is CVE-2005-2450 being exploited?
Low — EPSS is 3.6%, meaning exploitation activity has not been observed at scale.
Affected packages (2)
- Debian/clamav: from 0, < 0.86.2-1
- Debian/clamav: from 0, < 0.84-2.sarge.2