CVE-2017-11423

Severity CVSS v4.0:
Pending analysis
Type:
CWE-125 Out-of-bounds Read
Publication date:
18/07/2017
Last modified:
20/04/2025

Description

The cabd_read_string function in mspack/cabd.c in libmspack 0.5alpha, as used in ClamAV 0.99.2 and other products, allows remote attackers to cause a denial of service (stack-based buffer over-read and application crash) via a crafted CAB file.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:libmspack_project:libmspack:0.5:alpha:*:*:*:*:*:*
cpe:2.3:a:clamav:clamav:0.99.2:*:*:*:*:*:*:*