Denial of Service Vulnerability in ClamAV's tnef_attachment Function

Denial of Service Vulnerability in ClamAV's tnef_attachment Function

CVE-2005-3500 · MEDIUM Severity

AV:N/AC:L/AU:N/C:N/I:N/A:P

The tnef_attachment function in tnef.c for Clam AntiVirus (ClamAV) before 0.87.1 allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via a crafted value in a CAB file that causes ClamAV to repeatedly scan the same block.

Learn more about our Web Application Penetration Testing UK.