FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2008-0318

This CVE name corresponds to:

Entered Topic
2008-02-15 clamav -- ClamAV libclamav PE File Integer Overflow Vulnerability

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

CVE-2008-0318 at cve.mitre.org

Details

Type Candidate
Name CVE-2008-0318
Phase Assigned(20080116)

Description

Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.

References

Source Reference
IDEFENSE 20080212 ClamAV libclamav PE File Integer Overflow Vulnerability
CONFIRM http://sourceforge.net/project/shownotes.php?release_id=575703
CONFIRM http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html
CONFIRM http://kolab.org/security/kolab-vendor-notice-19.txt
CONFIRM http://bugs.gentoo.org/show_bug.cgi?id=209915
CONFIRM http://docs.info.apple.com/article.html?artnum=307562
APPLE APPLE-SA-2008-03-18
DEBIAN DSA-1497
FEDORA FEDORA-2008-1608
FEDORA FEDORA-2008-1625
GENTOO GLSA-200802-09
MANDRIVA MDVSA-2008:088
SUSE SUSE-SR:2008:004
BID 27751
VUPEN ADV-2008-0503
VUPEN ADV-2008-0606
VUPEN ADV-2008-0924
SECTRACK 1019394
SECUNIA 28907
SECUNIA 28913
SECUNIA 28949
SECUNIA 29001
SECUNIA 29026
SECUNIA 29060
SECUNIA 29048
SECUNIA 29420

Copyright © 2005 The MITRE Corporation.

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.