CVE - CVE-2008-0318

CVE-ID
CVE-2008-0318	Learn more at National Vulnerability Database (NVD) • Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings
Description
Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
IDEFENSE:20080212 ClamAV libclamav PE File Integer Overflow Vulnerability URL:http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=658 CONFIRM:http://sourceforge.net/project/shownotes.php?release_id=575703 CONFIRM:http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html CONFIRM:http://kolab.org/security/kolab-vendor-notice-19.txt CONFIRM:http://bugs.gentoo.org/show_bug.cgi?id=209915 CONFIRM:http://docs.info.apple.com/article.html?artnum=307562 APPLE:APPLE-SA-2008-03-18 URL:http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html DEBIAN:DSA-1497 URL:http://www.debian.org/security/2008/dsa-1497 FEDORA:FEDORA-2008-1608 URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00462.html FEDORA:FEDORA-2008-1625 URL:https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00481.html GENTOO:GLSA-200802-09 URL:http://security.gentoo.org/glsa/glsa-200802-09.xml MANDRIVA:MDVSA-2008:088 URL:http://www.mandriva.com/security/advisories?name=MDVSA-2008:088 SUSE:SUSE-SR:2008:004 URL:http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html BID:27751 URL:http://www.securityfocus.com/bid/27751 VUPEN:ADV-2008-0503 URL:http://www.vupen.com/english/advisories/2008/0503 VUPEN:ADV-2008-0606 URL:http://www.vupen.com/english/advisories/2008/0606 VUPEN:ADV-2008-0924 URL:http://www.vupen.com/english/advisories/2008/0924/references SECTRACK:1019394 URL:http://securitytracker.com/id?1019394 SECUNIA:28907 URL:http://secunia.com/advisories/28907 SECUNIA:28913 URL:http://secunia.com/advisories/28913 SECUNIA:28949 URL:http://secunia.com/advisories/28949 SECUNIA:29001 URL:http://secunia.com/advisories/29001 SECUNIA:29026 URL:http://secunia.com/advisories/29026 SECUNIA:29060 URL:http://secunia.com/advisories/29060 SECUNIA:29048 URL:http://secunia.com/advisories/29048 SECUNIA:29420 URL:http://secunia.com/advisories/29420
Assigning CNA
N/A
Date Entry Created
20080116	Disclaimer: The entry creation date may reflect when the CVE-ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20080116)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an entry on the CVE list, which standardizes names for security problems.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: cve@mitre.org