ID CVE-2008-0318
Summary Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.
References
Vulnerable Configurations
  • cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*
CVSS
Base: 10.0 (as of 07-03-2011 - 05:00)
Impact:
Exploitability:
CWE CWE-189
CAPEC
Access
  • Vector: NETWORK
  • Complexity: LOW
  • Authentication: NONE
Impact
  • Confidentiality: COMPLETE
  • Integrity: COMPLETE
  • Availability: COMPLETE
cvss-vector via4 AV:N/AC:L/Au:N/C:C/I:C/A:C
refmap via4
apple APPLE-SA-2008-03-18
bid 27751
confirm
debian DSA-1497
fedora
  • FEDORA-2008-1608
  • FEDORA-2008-1625
gentoo GLSA-200802-09
idefense 20080212 ClamAV libclamav PE File Integer Overflow Vulnerability
mandriva MDVSA-2008:088
sectrack 1019394
secunia
  • 28907
  • 28913
  • 28949
  • 29001
  • 29026
  • 29048
  • 29060
  • 29420
suse SUSE-SR:2008:004
vupen
  • ADV-2008-0503
  • ADV-2008-0606
  • ADV-2008-0924
Last major update 07-03-2011 - 05:00
Published 12-02-2008 - 20:00