CVSS: 5.0EPSS: 18%CPEs: 16EXPL: 1CVE-2006-5645 – Sophos / Trend Micro AntiVirus - '.RAR' File Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2006-5645
Sophos Anti-Virus and Endpoint Security before 6.0.5, Anti-Virus for Linux before 5.0.10, and other platforms before 4.11, when "Enabled scanning of archives" is set, allows remote attackers to cause a denial of service (infinite loop) via a malformed RAR archive with an Archive Header section with the head_size and pack_size fields set to zero. Sophos Anti-Virus y Endpoint Security anteriores a 6.0.5, Anti-virus para Linux 5.0.10, y otras plataformas en versiones anteriores a la 4.11, permite a atacantes remotos causar denegación de servicio (bucle infinito) mediante un fichero RAR mal formado con una sección de Cabecera de Archivo con los campos head_size y pack_size puestos a cero. • https://www.exploit-db.com/exploits/2912 http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=439 http://secunia.com/advisories/22591 http://securitytracker.com/id?1017132 http://www.securityfocus.com/archive/1/474683/100/0/threaded http://www.securityfocus.com/bid/20816 http://www.securitytracker.com/id?1018450 http://www.sophos.com/support/knowledgebase/article/7609.html http://www.vupen.com/english/advisories/2006/4239 • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 9%CPEs: 17EXPL: 0CVE-2005-2768
https://notcve.org/view.php?id=CVE-2005-2768
Heap-based buffer overflow in the Sophos Antivirus Library, as used by Sophos Antivirus, PureMessage, MailMonitor, and other products, allows remote attackers to execute arbitrary code via a Visio file with a crafted sub record length. • http://marc.info/?l=bugtraq&m=112511873420953&w=2 http://secunia.com/advisories/16245 http://www.rem0te.com/public/images/sophos.pdf http://www.securityfocus.com/bid/14362 http://www.sophos.com/support/knowledgebase/article/3409.html https://exchange.xforce.ibmcloud.com/vulnerabilities/21608 •