CVE-2005-1530

Description

Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, allows remote attackers to cause a denial of service (CPU consumption by infinite loop) via a Bzip2 archive with a large 'Extra field length' value.

Affected products

• Sophos / sophos_anti-virus3.4.6 – 3.4.6
• Sophos / sophos_anti-virus3.78 – 3.78
• Sophos / sophos_anti-virus3.78d – 3.78d
• Sophos / sophos_anti-virus3.79 – 3.79
• Sophos / sophos_anti-virus3.80 – 3.80
• Sophos / sophos_anti-virus3.81 – 3.81
• Sophos / sophos_anti-virus3.82 – 3.82
• Sophos / sophos_anti-virus3.83 – 3.83
• Sophos / sophos_anti-virus3.84 – 3.84
• Sophos / sophos_anti-virus3.85 – 3.85
• Sophos / sophos_anti-virus3.86 – 3.86
• Sophos / sophos_anti-virus3.90 – 3.90
• Sophos / sophos_anti-virus3.91 – 3.91
• Sophos / sophos_anti-virus5.0.1 – 5.0.1
• Sophos / sophos_mailmonitor2.0 – 2.0
• Sophos / sophos_mailmonitor2.1 – 2.1
• Sophos / sophos_mailmonitor_for_notes_domino
• Sophos / sophos_puremessage_anti-virus4.6 – 4.6
• Sophos / sophos_small_business_suite1.0 – 1.0

References

• MISChttp://www.securityfocus.com/bid/14270
• MISChttp://www.idefense.com/application/poi/display?id=283&type=vulnerabilities&flashstatus=true
• MISChttp://securitytracker.com/id?1014488
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/21373