Search criteria
61 vulnerabilities by clam_anti-virus
CVE-2008-5314 (GCVE-0-2008-5314)
Vulnerability from cvelistv5 – Published: 2008-12-03 17:00 – Updated: 2024-08-07 10:49
VLAI?
Summary
Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:49:12.166Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32936"
},
{
"name": "7330",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7330"
},
{
"name": "33195",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33195"
},
{
"name": "USN-684-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-684-1"
},
{
"name": "33937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33937"
},
{
"name": "DSA-1680",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1680"
},
{
"name": "32926",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32926"
},
{
"name": "1021296",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021296"
},
{
"name": "ADV-2008-3311",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3311"
},
{
"name": "33016",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33016"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3438"
},
{
"name": "APPLE-SA-2009-02-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name": "[clamav-announce] 20081126 announcing ClamAV 0.94.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lurker.clamav.net/message/20081126.150241.55b1e092.en.html"
},
{
"name": "50363",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/50363"
},
{
"name": "GLSA-200812-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-21.xml"
},
{
"name": "clamav-special-dos(46985)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46985"
},
{
"name": "ADV-2009-0422",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0422"
},
{
"name": "[oss-security] 20081201 CVE request: clamav 0.94.2",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/12/01/8"
},
{
"name": "MDVSA-2008:239",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:239"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=643134"
},
{
"name": "SUSE-SR:2008:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html"
},
{
"name": "32555",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32555"
},
{
"name": "33317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33317"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1266"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-26T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32936",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32936"
},
{
"name": "7330",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7330"
},
{
"name": "33195",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33195"
},
{
"name": "USN-684-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-684-1"
},
{
"name": "33937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33937"
},
{
"name": "DSA-1680",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1680"
},
{
"name": "32926",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32926"
},
{
"name": "1021296",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021296"
},
{
"name": "ADV-2008-3311",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3311"
},
{
"name": "33016",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33016"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3438"
},
{
"name": "APPLE-SA-2009-02-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name": "[clamav-announce] 20081126 announcing ClamAV 0.94.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lurker.clamav.net/message/20081126.150241.55b1e092.en.html"
},
{
"name": "50363",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/50363"
},
{
"name": "GLSA-200812-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-21.xml"
},
{
"name": "clamav-special-dos(46985)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46985"
},
{
"name": "ADV-2009-0422",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0422"
},
{
"name": "[oss-security] 20081201 CVE request: clamav 0.94.2",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/12/01/8"
},
{
"name": "MDVSA-2008:239",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:239"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=643134"
},
{
"name": "SUSE-SR:2008:028",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html"
},
{
"name": "32555",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32555"
},
{
"name": "33317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33317"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1266"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32936",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32936"
},
{
"name": "7330",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7330"
},
{
"name": "33195",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33195"
},
{
"name": "USN-684-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-684-1"
},
{
"name": "33937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33937"
},
{
"name": "DSA-1680",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1680"
},
{
"name": "32926",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32926"
},
{
"name": "1021296",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021296"
},
{
"name": "ADV-2008-3311",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3311"
},
{
"name": "33016",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33016"
},
{
"name": "http://support.apple.com/kb/HT3438",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3438"
},
{
"name": "APPLE-SA-2009-02-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name": "[clamav-announce] 20081126 announcing ClamAV 0.94.2",
"refsource": "MLIST",
"url": "http://lurker.clamav.net/message/20081126.150241.55b1e092.en.html"
},
{
"name": "50363",
"refsource": "OSVDB",
"url": "http://osvdb.org/50363"
},
{
"name": "GLSA-200812-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-21.xml"
},
{
"name": "clamav-special-dos(46985)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46985"
},
{
"name": "ADV-2009-0422",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0422"
},
{
"name": "[oss-security] 20081201 CVE request: clamav 0.94.2",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/12/01/8"
},
{
"name": "MDVSA-2008:239",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:239"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=643134",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=643134"
},
{
"name": "SUSE-SR:2008:028",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html"
},
{
"name": "32555",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32555"
},
{
"name": "33317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33317"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1266",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1266"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5314",
"datePublished": "2008-12-03T17:00:00",
"dateReserved": "2008-12-03T00:00:00",
"dateUpdated": "2024-08-07T10:49:12.166Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-5050 (GCVE-0-2008-5050)
Vulnerability from cvelistv5 – Published: 2008-11-13 01:00 – Updated: 2024-08-07 10:40
VLAI?
Summary
Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:40:16.959Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-3085",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/3085"
},
{
"name": "4579",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4579"
},
{
"name": "33937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33937"
},
{
"name": "DSA-1680",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1680"
},
{
"name": "32765",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32765"
},
{
"name": "clamav-getunicodename-bo(46462)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46462"
},
{
"name": "32207",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/32207"
},
{
"name": "33016",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33016"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3438"
},
{
"name": "20081109 ClamAV get_unicode_name() off-by-one buffer overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065530.html"
},
{
"name": "APPLE-SA-2009-02-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name": "1021159",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1021159"
},
{
"name": "32872",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32872"
},
{
"name": "GLSA-200812-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-21.xml"
},
{
"name": "20081108 ClamAV get_unicode_name() off-by-one buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/498169/100/0/threaded"
},
{
"name": "FEDORA-2008-9651",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=637952\u0026group_id=86638"
},
{
"name": "ADV-2009-0422",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2009/0422"
},
{
"name": "USN-672-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU",
"x_transferred"
],
"url": "http://www.ubuntu.com/usn/usn-672-1"
},
{
"name": "32663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32663"
},
{
"name": "MDVSA-2008:229",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:229"
},
{
"name": "33317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33317"
},
{
"name": "SUSE-SR:2008:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"name": "32699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32699"
},
{
"name": "FEDORA-2008-9644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-11-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-3085",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/3085"
},
{
"name": "4579",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4579"
},
{
"name": "33937",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33937"
},
{
"name": "DSA-1680",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1680"
},
{
"name": "32765",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32765"
},
{
"name": "clamav-getunicodename-bo(46462)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46462"
},
{
"name": "32207",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/32207"
},
{
"name": "33016",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33016"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3438"
},
{
"name": "20081109 ClamAV get_unicode_name() off-by-one buffer overflow",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065530.html"
},
{
"name": "APPLE-SA-2009-02-12",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name": "1021159",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1021159"
},
{
"name": "32872",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32872"
},
{
"name": "GLSA-200812-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200812-21.xml"
},
{
"name": "20081108 ClamAV get_unicode_name() off-by-one buffer overflow",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/498169/100/0/threaded"
},
{
"name": "FEDORA-2008-9651",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=637952\u0026group_id=86638"
},
{
"name": "ADV-2009-0422",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2009/0422"
},
{
"name": "USN-672-1",
"tags": [
"vendor-advisory",
"x_refsource_UBUNTU"
],
"url": "http://www.ubuntu.com/usn/usn-672-1"
},
{
"name": "32663",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32663"
},
{
"name": "MDVSA-2008:229",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:229"
},
{
"name": "33317",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33317"
},
{
"name": "SUSE-SR:2008:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"name": "32699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32699"
},
{
"name": "FEDORA-2008-9644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-5050",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-3085",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/3085"
},
{
"name": "4579",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4579"
},
{
"name": "33937",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33937"
},
{
"name": "DSA-1680",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1680"
},
{
"name": "32765",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32765"
},
{
"name": "clamav-getunicodename-bo(46462)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46462"
},
{
"name": "32207",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/32207"
},
{
"name": "33016",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33016"
},
{
"name": "http://support.apple.com/kb/HT3438",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3438"
},
{
"name": "20081109 ClamAV get_unicode_name() off-by-one buffer overflow",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2008-November/065530.html"
},
{
"name": "APPLE-SA-2009-02-12",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html"
},
{
"name": "1021159",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1021159"
},
{
"name": "32872",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32872"
},
{
"name": "GLSA-200812-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200812-21.xml"
},
{
"name": "20081108 ClamAV get_unicode_name() off-by-one buffer overflow",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/498169/100/0/threaded"
},
{
"name": "FEDORA-2008-9651",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=637952\u0026group_id=86638",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=637952\u0026group_id=86638"
},
{
"name": "ADV-2009-0422",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2009/0422"
},
{
"name": "USN-672-1",
"refsource": "UBUNTU",
"url": "http://www.ubuntu.com/usn/usn-672-1"
},
{
"name": "32663",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32663"
},
{
"name": "MDVSA-2008:229",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:229"
},
{
"name": "33317",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33317"
},
{
"name": "SUSE-SR:2008:026",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"
},
{
"name": "32699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32699"
},
{
"name": "FEDORA-2008-9644",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-5050",
"datePublished": "2008-11-13T01:00:00",
"dateReserved": "2008-11-12T00:00:00",
"dateUpdated": "2024-08-07T10:40:16.959Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1389 (GCVE-0-2008-1389)
Vulnerability from cvelistv5 – Published: 2008-09-04 16:00 – Updated: 2024-08-07 08:17
VLAI?
Summary
libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.723Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "32030",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32030"
},
{
"name": "30994",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30994"
},
{
"name": "ADV-2008-2484",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2484"
},
{
"name": "31982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31982"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://int21.de/cve/CVE-2008-1389-clamav-chd.html"
},
{
"name": "SUSE-SR:2008:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=623661"
},
{
"name": "31725",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31725"
},
{
"name": "MDVSA-2008:189",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:189"
},
{
"name": "FEDORA-2008-9651",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32222"
},
{
"name": "GLSA-200809-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200809-18.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-22.txt"
},
{
"name": "1020805",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020805"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "ADV-2008-2564",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2564"
},
{
"name": "32699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/32699"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "31906",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31906"
},
{
"name": "FEDORA-2008-9644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-09-01T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an \"invalid memory access.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-09-24T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "32030",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32030"
},
{
"name": "30994",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30994"
},
{
"name": "ADV-2008-2484",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2484"
},
{
"name": "31982",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31982"
},
{
"name": "31681",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31681"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://int21.de/cve/CVE-2008-1389-clamav-chd.html"
},
{
"name": "SUSE-SR:2008:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=623661"
},
{
"name": "31725",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31725"
},
{
"name": "MDVSA-2008:189",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:189"
},
{
"name": "FEDORA-2008-9651",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
},
{
"name": "32222",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32222"
},
{
"name": "GLSA-200809-18",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200809-18.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-22.txt"
},
{
"name": "1020805",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020805"
},
{
"name": "ADV-2008-2780",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "ADV-2008-2564",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2564"
},
{
"name": "32699",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/32699"
},
{
"name": "APPLE-SA-2008-10-09",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "31906",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31906"
},
{
"name": "FEDORA-2008-9644",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1389",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an \"invalid memory access.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "32030",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32030"
},
{
"name": "30994",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30994"
},
{
"name": "ADV-2008-2484",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2484"
},
{
"name": "31982",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31982"
},
{
"name": "31681",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31681"
},
{
"name": "http://int21.de/cve/CVE-2008-1389-clamav-chd.html",
"refsource": "MISC",
"url": "http://int21.de/cve/CVE-2008-1389-clamav-chd.html"
},
{
"name": "SUSE-SR:2008:018",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=623661",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=623661"
},
{
"name": "31725",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31725"
},
{
"name": "MDVSA-2008:189",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:189"
},
{
"name": "FEDORA-2008-9651",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
},
{
"name": "32222",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32222"
},
{
"name": "GLSA-200809-18",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200809-18.xml"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-22.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-22.txt"
},
{
"name": "1020805",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020805"
},
{
"name": "ADV-2008-2780",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2780"
},
{
"name": "ADV-2008-2564",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2564"
},
{
"name": "32699",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/32699"
},
{
"name": "APPLE-SA-2008-10-09",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
},
{
"name": "http://support.apple.com/kb/HT3216",
"refsource": "CONFIRM",
"url": "http://support.apple.com/kb/HT3216"
},
{
"name": "31906",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31906"
},
{
"name": "FEDORA-2008-9644",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
},
{
"name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1389",
"datePublished": "2008-09-04T16:00:00",
"dateReserved": "2008-03-18T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.723Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3215 (GCVE-0-2008-3215)
Vulnerability from cvelistv5 – Published: 2008-07-18 16:00 – Updated: 2024-08-07 09:28
VLAI?
Summary
libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:28:41.715Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000#c4"
},
{
"name": "31437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31437"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "[oss-security] 20080715 Re: CVE id request: Clamav",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/1"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "clamav-petitec-dos(44200)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44200"
},
{
"name": "SUSE-SR:2008:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel\u0026path=/branches/0.93/libclamav/petite.c\u0026rev=3920"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "31091",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31091"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://lurker.clamav.net/message/20080707.155612.ad411b00.en.html"
},
{
"name": "GLSA-200808-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"name": "MDVSA-2008:166",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:166"
},
{
"name": "FEDORA-2008-6422",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html"
},
{
"name": "FEDORA-2008-6338",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00606.html"
},
{
"name": "[oss-security] 20080708 Re: CVE id request: Clamav",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/5"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-07-08T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000#c4"
},
{
"name": "31437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31437"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "[oss-security] 20080715 Re: CVE id request: Clamav",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/1"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "clamav-petitec-dos(44200)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44200"
},
{
"name": "SUSE-SR:2008:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel\u0026path=/branches/0.93/libclamav/petite.c\u0026rev=3920"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "31091",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31091"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://lurker.clamav.net/message/20080707.155612.ad411b00.en.html"
},
{
"name": "GLSA-200808-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"name": "MDVSA-2008:166",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:166"
},
{
"name": "FEDORA-2008-6422",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html"
},
{
"name": "FEDORA-2008-6338",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00606.html"
},
{
"name": "[oss-security] 20080708 Re: CVE id request: Clamav",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/5"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3215",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000#c4",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000#c4"
},
{
"name": "31437",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31437"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "[oss-security] 20080715 Re: CVE id request: Clamav",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/15/1"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "clamav-petitec-dos(44200)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44200"
},
{
"name": "SUSE-SR:2008:015",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel\u0026path=/branches/0.93/libclamav/petite.c\u0026rev=3920",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel\u0026path=/branches/0.93/libclamav/petite.c\u0026rev=3920"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
},
{
"name": "31091",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31091"
},
{
"name": "http://lurker.clamav.net/message/20080707.155612.ad411b00.en.html",
"refsource": "CONFIRM",
"url": "http://lurker.clamav.net/message/20080707.155612.ad411b00.en.html"
},
{
"name": "GLSA-200808-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"name": "MDVSA-2008:166",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:166"
},
{
"name": "FEDORA-2008-6422",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html"
},
{
"name": "FEDORA-2008-6338",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00606.html"
},
{
"name": "[oss-security] 20080708 Re: CVE id request: Clamav",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/07/08/5"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3215",
"datePublished": "2008-07-18T16:00:00",
"dateReserved": "2008-07-18T00:00:00",
"dateUpdated": "2024-08-07T09:28:41.715Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-2713 (GCVE-0-2008-2713)
Vulnerability from cvelistv5 – Published: 2008-06-16 21:00 – Updated: 2024-08-07 09:14
VLAI?
Summary
libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:14:14.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "31437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31437"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "MDVSA-2008:122",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:122"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "SUSE-SR:2008:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html"
},
{
"name": "30785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30785"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "[oss-security] 20080615 CVE id request: Clamav",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/06/15/2"
},
{
"name": "ADV-2008-1855",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1855/references"
},
{
"name": "30967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30967"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "31091",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31091"
},
{
"name": "30657",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30657"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-21.txt"
},
{
"name": "clamav-petite-dos(43133)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43133"
},
{
"name": "SUSE-SR:2008:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "DSA-1616",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1616"
},
{
"name": "FEDORA-2008-5476",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00763.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000"
},
{
"name": "[oss-security] 20080617 Re: CVE id request: Clamav",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2008/06/17/8"
},
{
"name": "GLSA-200808-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"name": "29750",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/29750"
},
{
"name": "30829",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30829"
},
{
"name": "1020305",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1020305"
},
{
"name": "FEDORA-2008-6422",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html"
},
{
"name": "31167",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31167"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31576"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel\u0026path=/branches/0.93/libclamav/petite.c\u0026rev=3886"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=605577\u0026group_id=86638"
},
{
"name": "31206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31206"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "31437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31437"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "MDVSA-2008:122",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:122"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "SUSE-SR:2008:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html"
},
{
"name": "30785",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30785"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "[oss-security] 20080615 CVE id request: Clamav",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/06/15/2"
},
{
"name": "ADV-2008-1855",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1855/references"
},
{
"name": "30967",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30967"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "31091",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31091"
},
{
"name": "30657",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30657"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-21.txt"
},
{
"name": "clamav-petite-dos(43133)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43133"
},
{
"name": "SUSE-SR:2008:014",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "DSA-1616",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1616"
},
{
"name": "FEDORA-2008-5476",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00763.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000"
},
{
"name": "[oss-security] 20080617 Re: CVE id request: Clamav",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2008/06/17/8"
},
{
"name": "GLSA-200808-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"name": "29750",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/29750"
},
{
"name": "30829",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30829"
},
{
"name": "1020305",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1020305"
},
{
"name": "FEDORA-2008-6422",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html"
},
{
"name": "31167",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31167"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31576"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel\u0026path=/branches/0.93/libclamav/petite.c\u0026rev=3886"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=605577\u0026group_id=86638"
},
{
"name": "31206",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31206"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-2713",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "31437",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31437"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html",
"refsource": "CONFIRM",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "MDVSA-2008:122",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:122"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "SUSE-SR:2008:015",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html"
},
{
"name": "30785",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30785"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "[oss-security] 20080615 CVE id request: Clamav",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/06/15/2"
},
{
"name": "ADV-2008-1855",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1855/references"
},
{
"name": "30967",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30967"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
},
{
"name": "31091",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31091"
},
{
"name": "30657",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30657"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-21.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-21.txt"
},
{
"name": "clamav-petite-dos(43133)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43133"
},
{
"name": "SUSE-SR:2008:014",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html"
},
{
"name": "DSA-1616",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1616"
},
{
"name": "FEDORA-2008-5476",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00763.html"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000"
},
{
"name": "[oss-security] 20080617 Re: CVE id request: Clamav",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2008/06/17/8"
},
{
"name": "GLSA-200808-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"name": "29750",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/29750"
},
{
"name": "30829",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30829"
},
{
"name": "1020305",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1020305"
},
{
"name": "FEDORA-2008-6422",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html"
},
{
"name": "31167",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31167"
},
{
"name": "31576",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31576"
},
{
"name": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel\u0026path=/branches/0.93/libclamav/petite.c\u0026rev=3886",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/websvn/diff.php?repname=clamav-devel\u0026path=/branches/0.93/libclamav/petite.c\u0026rev=3886"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=605577\u0026group_id=86638",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=605577\u0026group_id=86638"
},
{
"name": "31206",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31206"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-2713",
"datePublished": "2008-06-16T21:00:00",
"dateReserved": "2008-06-16T00:00:00",
"dateUpdated": "2024-08-07T09:14:14.572Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1837 (GCVE-0-2008-1837)
Vulnerability from cvelistv5 – Published: 2008-04-16 16:00 – Updated: 2024-08-07 08:40
VLAI?
Summary
libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger "memory problems," as demonstrated by the PROTOS GENOME test suite for Archive Formats.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.868Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "clamav-libclamunrar-dos(41870)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41870"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=898"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libclamunrar in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via crafted RAR files that trigger \"memory problems,\" as demonstrated by the PROTOS GENOME test suite for Archive Formats."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "clamav-libclamunrar-dos(41870)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41870"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=898"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-1837",
"datePublished": "2008-04-16T16:00:00",
"dateReserved": "2008-04-16T00:00:00",
"dateUpdated": "2024-08-07T08:40:59.868Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1835 (GCVE-0-2008-1835)
Vulnerability from cvelistv5 – Published: 2008-04-16 16:00 – Updated: 2024-08-07 08:40
VLAI?
Summary
ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:59.848Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=541"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "clamav-rar-weak-security(41874)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41874"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ClamAV before 0.93 allows remote attackers to bypass the scanning enging via a RAR file with an invalid version number, which cannot be parsed by ClamAV but can be extracted by Winrar."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=541"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "clamav-rar-weak-security(41874)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41874"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-1835",
"datePublished": "2008-04-16T16:00:00",
"dateReserved": "2008-04-16T00:00:00",
"dateUpdated": "2024-08-07T08:40:59.848Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1387 (GCVE-0-2008-1387)
Vulnerability from cvelistv5 – Published: 2008-04-16 16:00 – Updated: 2024-08-07 08:17
VLAI?
Summary
ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:17:34.683Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "clamav-arj-unspecified-dos(41822)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41822"
},
{
"name": "FEDORA-2008-3900",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "20080415 clamav: Endless loop / hang with crafter arj, CVE-2008-1387",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/490863/100/0/threaded"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.clamav.net/bugzilla/show_bug.cgi?id=897"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://int21.de/cve/CVE-2008-1387-clamav.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29975"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
},
{
"name": "29863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "FEDORA-2008-3420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "28782",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28782"
},
{
"name": "30253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30253"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-11T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "clamav-arj-unspecified-dos(41822)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41822"
},
{
"name": "FEDORA-2008-3900",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "20080415 clamav: Endless loop / hang with crafter arj, CVE-2008-1387",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/490863/100/0/threaded"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.clamav.net/bugzilla/show_bug.cgi?id=897"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://int21.de/cve/CVE-2008-1387-clamav.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29975"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
},
{
"name": "29863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "FEDORA-2008-3420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "28782",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28782"
},
{
"name": "30253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30253"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1387",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ClamAV before 0.93 allows remote attackers to cause a denial of service (CPU consumption) via a crafted ARJ archive, as demonstrated by the PROTOS GENOME test suite for Archive Formats."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2008:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "clamav-arj-unspecified-dos(41822)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41822"
},
{
"name": "FEDORA-2008-3900",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "20080415 clamav: Endless loop / hang with crafter arj, CVE-2008-1387",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/490863/100/0/threaded"
},
{
"name": "GLSA-200805-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "https://www.clamav.net/bugzilla/show_bug.cgi?id=897",
"refsource": "CONFIRM",
"url": "https://www.clamav.net/bugzilla/show_bug.cgi?id=897"
},
{
"name": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html",
"refsource": "CONFIRM",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "http://int21.de/cve/CVE-2008-1387-clamav.html",
"refsource": "MISC",
"url": "http://int21.de/cve/CVE-2008-1387-clamav.html"
},
{
"name": "29891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29975"
},
{
"name": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html",
"refsource": "MISC",
"url": "http://www.cert.fi/haavoittuvuudet/joint-advisory-archive-formats.html"
},
{
"name": "29863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30328"
},
{
"name": "FEDORA-2008-3420",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "28782",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28782"
},
{
"name": "30253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30253"
},
{
"name": "31576",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"name": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/",
"refsource": "MISC",
"url": "http://www.ee.oulu.fi/research/ouspg/protos/testing/c10/archive/"
},
{
"name": "SUSE-SA:2008:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-20.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1387",
"datePublished": "2008-04-16T16:00:00",
"dateReserved": "2008-03-18T00:00:00",
"dateUpdated": "2024-08-07T08:17:34.683Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1836 (GCVE-0-2008-1836)
Vulnerability from cvelistv5 – Published: 2008-04-16 16:00 – Updated: 2024-08-07 08:40
VLAI?
Summary
The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:58.369Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=881"
},
{
"name": "FEDORA-2008-3900",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "clamav-rfc2231-dos(41868)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41868"
},
{
"name": "30253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30253"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The rfc2231 function in message.c in libclamav in ClamAV before 0.93 allows remote attackers to cause a denial of service (crash) via a crafted message that produces a string that is not null terminated, which triggers a buffer over-read."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=881"
},
{
"name": "FEDORA-2008-3900",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "clamav-rfc2231-dos(41868)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41868"
},
{
"name": "30253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30253"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2008-1836",
"datePublished": "2008-04-16T16:00:00",
"dateReserved": "2008-04-16T00:00:00",
"dateUpdated": "2024-08-07T08:40:58.369Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1833 (GCVE-0-2008-1833)
Vulnerability from cvelistv5 – Published: 2008-04-16 15:00 – Updated: 2024-08-07 08:40
VLAI?
Summary
Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:40:58.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "1019850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019850"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29975"
},
{
"name": "29863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "28798",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28798"
},
{
"name": "FEDORA-2008-3420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "clamav-wwpack-pe-bo(41833)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41833"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=877"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"name": "20080414 ClamAV libclamav PE WWPack Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=687"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name": "DSA-1549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "1019850",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019850"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29975"
},
{
"name": "29863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "28798",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28798"
},
{
"name": "FEDORA-2008-3420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "clamav-wwpack-pe-bo(41833)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41833"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=877"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"name": "20080414 ClamAV libclamav PE WWPack Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=687"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name": "DSA-1549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-1833",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in pe.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted WWPack compressed PE binary."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2008:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "GLSA-200805-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html",
"refsource": "CONFIRM",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "1019850",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019850"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29975"
},
{
"name": "29863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30328"
},
{
"name": "28798",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28798"
},
{
"name": "FEDORA-2008-3420",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "clamav-wwpack-pe-bo(41833)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41833"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=877",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=877"
},
{
"name": "31576",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"name": "20080414 ClamAV libclamav PE WWPack Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=687"
},
{
"name": "SUSE-SA:2008:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name": "DSA-1549",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-20.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-1833",
"datePublished": "2008-04-16T15:00:00",
"dateReserved": "2008-04-16T00:00:00",
"dateUpdated": "2024-08-07T08:40:58.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0314 (GCVE-0-2008-0314)
Vulnerability from cvelistv5 – Published: 2008-04-16 15:00 – Updated: 2024-08-07 07:39
VLAI?
Summary
Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.397Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "FEDORA-2008-3900",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "1019851",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019851"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29975"
},
{
"name": "29863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "29886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29886"
},
{
"name": "FEDORA-2008-3420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "20080414 ClamAV libclamav PeSpin Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=686"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=876"
},
{
"name": "VU#858595",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/858595"
},
{
"name": "30253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30253"
},
{
"name": "clamav-spin-bo(41823)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41823"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name": "DSA-1549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "FEDORA-2008-3900",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "1019851",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019851"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29975"
},
{
"name": "29863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "29886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29886"
},
{
"name": "FEDORA-2008-3420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "20080414 ClamAV libclamav PeSpin Heap Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=686"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=876"
},
{
"name": "VU#858595",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/858595"
},
{
"name": "30253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30253"
},
{
"name": "clamav-spin-bo(41823)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41823"
},
{
"name": "31576",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name": "DSA-1549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0314",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2008:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "FEDORA-2008-3900",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "GLSA-200805-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html",
"refsource": "CONFIRM",
"url": "http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html"
},
{
"name": "29891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "28784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "1019851",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019851"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29975"
},
{
"name": "29863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30328"
},
{
"name": "29886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29886"
},
{
"name": "FEDORA-2008-3420",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "20080414 ClamAV libclamav PeSpin Heap Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=686"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=876",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=876"
},
{
"name": "VU#858595",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/858595"
},
{
"name": "30253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30253"
},
{
"name": "clamav-spin-bo(41823)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41823"
},
{
"name": "31576",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31576"
},
{
"name": "ADV-2008-1227",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1227/references"
},
{
"name": "SUSE-SA:2008:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name": "DSA-1549",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-20.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0314",
"datePublished": "2008-04-16T15:00:00",
"dateReserved": "2008-01-16T00:00:00",
"dateUpdated": "2024-08-07T07:39:34.397Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-1100 (GCVE-0-2008-1100)
Vulnerability from cvelistv5 – Published: 2008-04-14 16:00 – Updated: 2024-08-07 08:08
VLAI?
Summary
Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T08:08:57.680Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "FEDORA-2008-3900",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "29000",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29000"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT",
"x_transferred"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://secunia.com/secunia_research/2008-11/advisory/"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29975"
},
{
"name": "29863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "28756",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/28756"
},
{
"name": "29886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29886"
},
{
"name": "1019837",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019837"
},
{
"name": "FEDORA-2008-3420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "clamav-cliscanpe-bo(41789)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41789"
},
{
"name": "VU#858595",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN",
"x_transferred"
],
"url": "http://www.kb.cert.org/vuls/id/858595"
},
{
"name": "30253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/30253"
},
{
"name": "openSUSE-SU-2015:0906",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=878"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name": "ADV-2008-1218",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/1218/references"
},
{
"name": "DSA-1549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-04-14T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"shortName": "flexera"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "FEDORA-2008-3900",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "29000",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29000"
},
{
"name": "GLSA-200805-19",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"tags": [
"third-party-advisory",
"x_refsource_CERT"
],
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://secunia.com/secunia_research/2008-11/advisory/"
},
{
"name": "28784",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31882",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29975"
},
{
"name": "29863",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30328"
},
{
"name": "28756",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/28756"
},
{
"name": "29886",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29886"
},
{
"name": "1019837",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019837"
},
{
"name": "FEDORA-2008-3420",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "clamav-cliscanpe-bo(41789)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41789"
},
{
"name": "VU#858595",
"tags": [
"third-party-advisory",
"x_refsource_CERT-VN"
],
"url": "http://www.kb.cert.org/vuls/id/858595"
},
{
"name": "30253",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/30253"
},
{
"name": "openSUSE-SU-2015:0906",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=878"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name": "ADV-2008-1218",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/1218/references"
},
{
"name": "DSA-1549",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "PSIRT-CNA@flexerasoftware.com",
"ID": "CVE-2008-1100",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2008:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "FEDORA-2008-3900",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-May/msg00249.html"
},
{
"name": "29000",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29000"
},
{
"name": "GLSA-200805-19",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200805-19.xml"
},
{
"name": "APPLE-SA-2008-09-15",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html"
},
{
"name": "29891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29891"
},
{
"name": "TA08-260A",
"refsource": "CERT",
"url": "http://www.us-cert.gov/cas/techalerts/TA08-260A.html"
},
{
"name": "http://secunia.com/secunia_research/2008-11/advisory/",
"refsource": "MISC",
"url": "http://secunia.com/secunia_research/2008-11/advisory/"
},
{
"name": "28784",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28784"
},
{
"name": "ADV-2008-2584",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2584"
},
{
"name": "31882",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31882"
},
{
"name": "29975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29975"
},
{
"name": "29863",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29863"
},
{
"name": "30328",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30328"
},
{
"name": "28756",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/28756"
},
{
"name": "29886",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29886"
},
{
"name": "1019837",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019837"
},
{
"name": "FEDORA-2008-3420",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00625.html"
},
{
"name": "clamav-cliscanpe-bo(41789)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41789"
},
{
"name": "VU#858595",
"refsource": "CERT-VN",
"url": "http://www.kb.cert.org/vuls/id/858595"
},
{
"name": "30253",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/30253"
},
{
"name": "openSUSE-SU-2015:0906",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00024.html"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=878",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=878"
},
{
"name": "SUSE-SA:2008:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "FEDORA-2008-3358",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-April/msg00576.html"
},
{
"name": "ADV-2008-1218",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/1218/references"
},
{
"name": "DSA-1549",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1549"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-20.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-20.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab",
"assignerShortName": "flexera",
"cveId": "CVE-2008-1100",
"datePublished": "2008-04-14T16:00:00",
"dateReserved": "2008-02-29T00:00:00",
"dateUpdated": "2024-08-07T08:08:57.680Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-0318 (GCVE-0-2008-0318)
Vulnerability from cvelistv5 – Published: 2008-02-12 19:00 – Updated: 2024-08-07 07:39
VLAI?
Summary
Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T07:39:34.808Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "27751",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27751"
},
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "29048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29048"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html"
},
{
"name": "28913",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28913"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=575703"
},
{
"name": "29026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29026"
},
{
"name": "28949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28949"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=209915"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "ADV-2008-0503",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0503"
},
{
"name": "DSA-1497",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1497"
},
{
"name": "1019394",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019394"
},
{
"name": "FEDORA-2008-1608",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00462.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "FEDORA-2008-1625",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00481.html"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "SUSE-SR:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"name": "20080212 ClamAV libclamav PE File Integer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=658"
},
{
"name": "ADV-2008-0606",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"name": "28907",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28907"
},
{
"name": "GLSA-200802-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-09.xml"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "29001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29001"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"name": "29060",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29060"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-02-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-02-14T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "27751",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27751"
},
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "29048",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29048"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html"
},
{
"name": "28913",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28913"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=575703"
},
{
"name": "29026",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29026"
},
{
"name": "28949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28949"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=209915"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "ADV-2008-0503",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0503"
},
{
"name": "DSA-1497",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1497"
},
{
"name": "1019394",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019394"
},
{
"name": "FEDORA-2008-1608",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00462.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "FEDORA-2008-1625",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00481.html"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "SUSE-SR:2008:004",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"name": "20080212 ClamAV libclamav PE File Integer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=658"
},
{
"name": "ADV-2008-0606",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"name": "28907",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28907"
},
{
"name": "GLSA-200802-09",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200802-09.xml"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "29001",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29001"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"name": "29060",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29060"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-0318",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "27751",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27751"
},
{
"name": "MDVSA-2008:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "29048",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29048"
},
{
"name": "http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/techcenter/psdb/512985d2cd3090bfb93dcb7b551179cf.html"
},
{
"name": "28913",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28913"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=575703",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=575703"
},
{
"name": "29026",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29026"
},
{
"name": "28949",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28949"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=209915",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=209915"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "ADV-2008-0503",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0503"
},
{
"name": "DSA-1497",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1497"
},
{
"name": "1019394",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019394"
},
{
"name": "FEDORA-2008-1608",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00462.html"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "FEDORA-2008-1625",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-February/msg00481.html"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "SUSE-SR:2008:004",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-02/msg00008.html"
},
{
"name": "20080212 ClamAV libclamav PE File Integer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=658"
},
{
"name": "ADV-2008-0606",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"name": "28907",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28907"
},
{
"name": "GLSA-200802-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200802-09.xml"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "29001",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29001"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-19.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"name": "29060",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29060"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-0318",
"datePublished": "2008-02-12T19:00:00",
"dateReserved": "2008-01-16T00:00:00",
"dateUpdated": "2024-08-07T07:39:34.808Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6337 (GCVE-0-2007-6337)
Vulnerability from cvelistv5 – Published: 2007-12-31 19:00 – Updated: 2024-08-07 16:02
VLAI?
Summary
Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.277Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "FEDORA-2008-0170",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"name": "27063",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27063"
},
{
"name": "42293",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/42293"
},
{
"name": "28421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28421"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "FEDORA-2008-0115",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
},
{
"name": "28587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28587"
},
{
"name": "28153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "GLSA-200712-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"name": "1019149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019149"
},
{
"name": "28278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28278"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2008-01-12T10:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2008:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "FEDORA-2008-0170",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"name": "27063",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27063"
},
{
"name": "42293",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/42293"
},
{
"name": "28421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28421"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "FEDORA-2008-0115",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
},
{
"name": "28587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28587"
},
{
"name": "28153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "GLSA-200712-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"name": "1019149",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019149"
},
{
"name": "28278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28278"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6337",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in the bzip2 decompression algorithm in nsis/bzlib_private.h in ClamAV before 0.92 has unknown impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2008:003",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"name": "28412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "FEDORA-2008-0170",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"name": "27063",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27063"
},
{
"name": "42293",
"refsource": "OSVDB",
"url": "http://osvdb.org/42293"
},
{
"name": "28421",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28421"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "FEDORA-2008-0115",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
},
{
"name": "28587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28587"
},
{
"name": "28153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28153"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "GLSA-200712-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"name": "1019149",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019149"
},
{
"name": "28278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28278"
},
{
"name": "SUSE-SR:2008:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6337",
"datePublished": "2007-12-31T19:00:00",
"dateReserved": "2007-12-13T00:00:00",
"dateUpdated": "2024-08-07T16:02:36.277Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6595 (GCVE-0-2007-6595)
Vulnerability from cvelistv5 – Published: 2007-12-31 19:00 – Updated: 2024-08-07 16:11
VLAI?
Summary
ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:06.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "1019148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019148"
},
{
"name": "clamantivirus-cligentempfd-symlink(39335)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39335"
},
{
"name": "3501",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3501"
},
{
"name": "31437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31437"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "28949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28949"
},
{
"name": "DSA-1497",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2008/dsa-1497"
},
{
"name": "27064",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27064"
},
{
"name": "ADV-2008-0606",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"name": "GLSA-200808-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"name": "clamantivirus-sigtool-file-overwrite(39339)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39339"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"name": "20071229 TK53 Advisory #2: Multiple vulnerabilities in ClamAV",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485631/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2008:088",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "1019148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019148"
},
{
"name": "clamantivirus-cligentempfd-symlink(39335)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39335"
},
{
"name": "3501",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3501"
},
{
"name": "31437",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31437"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "28949",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28949"
},
{
"name": "DSA-1497",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2008/dsa-1497"
},
{
"name": "27064",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27064"
},
{
"name": "ADV-2008-0606",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"name": "GLSA-200808-07",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"name": "clamantivirus-sigtool-file-overwrite(39339)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39339"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"name": "20071229 TK53 Advisory #2: Multiple vulnerabilities in ClamAV",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485631/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6595",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ClamAV 0.92 allows local users to overwrite arbitrary files via a symlink attack on (1) temporary files used by the cli_gentempfd function in libclamav/others.c or on (2) .ascii files used by sigtool, when utf16-decode is enabled."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2008:088",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:088"
},
{
"name": "1019148",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019148"
},
{
"name": "clamantivirus-cligentempfd-symlink(39335)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39335"
},
{
"name": "3501",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3501"
},
{
"name": "31437",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31437"
},
{
"name": "29891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29891"
},
{
"name": "28949",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28949"
},
{
"name": "DSA-1497",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2008/dsa-1497"
},
{
"name": "27064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27064"
},
{
"name": "ADV-2008-0606",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0606"
},
{
"name": "GLSA-200808-07",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200808-07.xml"
},
{
"name": "clamantivirus-sigtool-file-overwrite(39339)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39339"
},
{
"name": "SUSE-SA:2008:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-19.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-19.txt"
},
{
"name": "20071229 TK53 Advisory #2: Multiple vulnerabilities in ClamAV",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485631/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6595",
"datePublished": "2007-12-31T19:00:00",
"dateReserved": "2007-12-31T00:00:00",
"dateUpdated": "2024-08-07T16:11:06.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6596 (GCVE-0-2007-6596)
Vulnerability from cvelistv5 – Published: 2007-12-31 19:00 – Updated: 2024-08-07 16:11
VLAI?
Summary
ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:06.144Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "3501",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3501"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "clamantivirus-base64uue-security-bypass(39337)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39337"
},
{
"name": "27064",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/27064"
},
{
"name": "1019148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019148"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "20071229 TK53 Advisory #2: Multiple vulnerabilities in ClamAV",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485631/100/0/threaded"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "3501",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3501"
},
{
"name": "29891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29891"
},
{
"name": "clamantivirus-base64uue-security-bypass(39337)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39337"
},
{
"name": "27064",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/27064"
},
{
"name": "1019148",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019148"
},
{
"name": "SUSE-SA:2008:024",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "20071229 TK53 Advisory #2: Multiple vulnerabilities in ClamAV",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485631/100/0/threaded"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6596",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ClamAV 0.92 does not recognize Base64 UUEncoded archives, which allows remote attackers to bypass the scanner via a Base64-UUEncoded file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "3501",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3501"
},
{
"name": "29891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29891"
},
{
"name": "clamantivirus-base64uue-security-bypass(39337)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39337"
},
{
"name": "27064",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/27064"
},
{
"name": "1019148",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019148"
},
{
"name": "SUSE-SA:2008:024",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-04/msg00009.html"
},
{
"name": "20071229 TK53 Advisory #2: Multiple vulnerabilities in ClamAV",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485631/100/0/threaded"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6596",
"datePublished": "2007-12-31T19:00:00",
"dateReserved": "2007-12-31T00:00:00",
"dateUpdated": "2024-08-07T16:11:06.144Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6335 (GCVE-0-2007-6335)
Vulnerability from cvelistv5 – Published: 2007-12-20 01:00 – Updated: 2024-08-07 16:02
VLAI?
Summary
Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.767Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20071218 ClamAV libclamav MEW PE File Integer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634"
},
{
"name": "MDVSA-2008:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"name": "26927",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26927"
},
{
"name": "DSA-1435",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1435"
},
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "FEDORA-2008-0170",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"name": "1019112",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1019112"
},
{
"name": "clamantivirus-libclamav-mewpe-bo(39119)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39119"
},
{
"name": "28421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28421"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "FEDORA-2008-0115",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
},
{
"name": "28176",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28176"
},
{
"name": "28587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28587"
},
{
"name": "28153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "GLSA-200712-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"name": "4862",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/4862"
},
{
"name": "28117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28117"
},
{
"name": "ADV-2007-4253",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/4253"
},
{
"name": "28278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28278"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20071218 ClamAV libclamav MEW PE File Integer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634"
},
{
"name": "MDVSA-2008:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"name": "26927",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26927"
},
{
"name": "DSA-1435",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1435"
},
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "FEDORA-2008-0170",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"name": "1019112",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1019112"
},
{
"name": "clamantivirus-libclamav-mewpe-bo(39119)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39119"
},
{
"name": "28421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28421"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "FEDORA-2008-0115",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
},
{
"name": "28176",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28176"
},
{
"name": "28587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28587"
},
{
"name": "28153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "GLSA-200712-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"name": "4862",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/4862"
},
{
"name": "28117",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28117"
},
{
"name": "ADV-2007-4253",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/4253"
},
{
"name": "28278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28278"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6335",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer overflow in libclamav in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MEW packed PE file, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20071218 ClamAV libclamav MEW PE File Integer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=634"
},
{
"name": "MDVSA-2008:003",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"name": "26927",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26927"
},
{
"name": "DSA-1435",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1435"
},
{
"name": "28412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "FEDORA-2008-0170",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"name": "1019112",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1019112"
},
{
"name": "clamantivirus-libclamav-mewpe-bo(39119)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39119"
},
{
"name": "28421",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28421"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "FEDORA-2008-0115",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
},
{
"name": "28176",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28176"
},
{
"name": "28587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28587"
},
{
"name": "28153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28153"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "GLSA-200712-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"name": "4862",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/4862"
},
{
"name": "28117",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28117"
},
{
"name": "ADV-2007-4253",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4253"
},
{
"name": "28278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28278"
},
{
"name": "SUSE-SR:2008:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6335",
"datePublished": "2007-12-20T01:00:00",
"dateReserved": "2007-12-13T00:00:00",
"dateUpdated": "2024-08-07T16:02:36.767Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6336 (GCVE-0-2007-6336)
Vulnerability from cvelistv5 – Published: 2007-12-20 01:00 – Updated: 2024-08-07 16:02
VLAI?
Summary
Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:02:36.482Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "MDVSA-2008:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"name": "DSA-1435",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1435"
},
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "FEDORA-2008-0170",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"name": "28421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28421"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "FEDORA-2008-0115",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
},
{
"name": "28176",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28176"
},
{
"name": "28587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28587"
},
{
"name": "clamantivirus-mszip-bo(39169)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39169"
},
{
"name": "28153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28153"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "GLSA-200712-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"name": "26946",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26946"
},
{
"name": "1019150",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1019150"
},
{
"name": "28278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28278"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-19T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "MDVSA-2008:003",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"name": "DSA-1435",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1435"
},
{
"name": "28412",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "FEDORA-2008-0170",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"name": "28421",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28421"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "FEDORA-2008-0115",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
},
{
"name": "28176",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28176"
},
{
"name": "28587",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28587"
},
{
"name": "clamantivirus-mszip-bo(39169)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39169"
},
{
"name": "28153",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28153"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "GLSA-200712-20",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"name": "26946",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26946"
},
{
"name": "1019150",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1019150"
},
{
"name": "28278",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28278"
},
{
"name": "SUSE-SR:2008:001",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6336",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Off-by-one error in ClamAV before 0.92 allows remote attackers to execute arbitrary code via a crafted MS-ZIP compressed CAB file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "MDVSA-2008:003",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:003"
},
{
"name": "DSA-1435",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1435"
},
{
"name": "28412",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28412"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "FEDORA-2008-0170",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00644.html"
},
{
"name": "28421",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28421"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "FEDORA-2008-0115",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2008-January/msg00740.html"
},
{
"name": "28176",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28176"
},
{
"name": "28587",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28587"
},
{
"name": "clamantivirus-mszip-bo(39169)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39169"
},
{
"name": "28153",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28153"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "GLSA-200712-20",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200712-20.xml"
},
{
"name": "26946",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26946"
},
{
"name": "1019150",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1019150"
},
{
"name": "28278",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28278"
},
{
"name": "SUSE-SR:2008:001",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2008-01/msg00002.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6336",
"datePublished": "2007-12-20T01:00:00",
"dateReserved": "2007-12-13T00:00:00",
"dateUpdated": "2024-08-07T16:02:36.482Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6029 (GCVE-0-2007-6029)
Vulnerability from cvelistv5 – Published: 2007-11-20 02:00 – Updated: 2024-09-16 16:33
VLAI?
Summary
Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:54:26.076Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000069"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wabisabilabi.blogspot.com/2007/11/focus-on-clamav-remote-code-execution.html"
},
{
"name": "26463",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26463"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-11-20T02:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000069"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wabisabilabi.blogspot.com/2007/11/focus-on-clamav-remote-code-execution.html"
},
{
"name": "26463",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26463"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in ClamAV 0.91.1 and 0.91.2 allows remote attackers to execute arbitrary code via a crafted e-mail message. NOTE: this information is based upon a vague advisory by a vulnerability information sales organization that does not coordinate with vendors or release actionable advisories. A CVE has been assigned for tracking purposes, but duplicates with other CVEs are difficult to determine."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000069",
"refsource": "MISC",
"url": "http://wslabi.com/wabisabilabi/showBidInfo.do?code=ZD-00000069"
},
{
"name": "http://wabisabilabi.blogspot.com/2007/11/focus-on-clamav-remote-code-execution.html",
"refsource": "MISC",
"url": "http://wabisabilabi.blogspot.com/2007/11/focus-on-clamav-remote-code-execution.html"
},
{
"name": "26463",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26463"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6029",
"datePublished": "2007-11-20T02:00:00Z",
"dateReserved": "2007-11-19T00:00:00Z",
"dateUpdated": "2024-09-16T16:33:53.007Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4560 (GCVE-0-2007-4560)
Vulnerability from cvelistv5 – Published: 2007-08-28 01:00 – Updated: 2024-08-07 15:01
VLAI?
Summary
clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the "recipient field of sendmail."
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.618Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "GLSA-200709-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"
},
{
"name": "3063",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3063"
},
{
"name": "26822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26822"
},
{
"name": "26916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26916"
},
{
"name": "20070824 n.runs-SA-2007.025 - ClamAV Remote Code Execution Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/477723/100/0/threaded"
},
{
"name": "26683",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26683"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nruns.com/security_advisory_clamav_remote_code_exection.php"
},
{
"name": "FEDORA-2007-2050",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"
},
{
"name": "DSA-1366",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1366"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "2007-0026",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "SUSE-SR:2007:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "26751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26751"
},
{
"name": "1018610",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1018610"
},
{
"name": "26654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26654"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "MDKSA-2007:172",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"
},
{
"name": "26674",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26674"
},
{
"name": "25439",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25439"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the \"recipient field of sendmail.\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "GLSA-200709-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"
},
{
"name": "3063",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3063"
},
{
"name": "26822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26822"
},
{
"name": "26916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26916"
},
{
"name": "20070824 n.runs-SA-2007.025 - ClamAV Remote Code Execution Advisory",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/477723/100/0/threaded"
},
{
"name": "26683",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26683"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nruns.com/security_advisory_clamav_remote_code_exection.php"
},
{
"name": "FEDORA-2007-2050",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"
},
{
"name": "DSA-1366",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1366"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "2007-0026",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "SUSE-SR:2007:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "26751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26751"
},
{
"name": "1018610",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1018610"
},
{
"name": "26654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26654"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "MDKSA-2007:172",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"
},
{
"name": "26674",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26674"
},
{
"name": "25439",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25439"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4560",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "clamav-milter in ClamAV before 0.91.2, when run in black hole mode, allows remote attackers to execute arbitrary commands via shell metacharacters that are used in a certain popen call, involving the \"recipient field of sendmail.\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200709-14",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"
},
{
"name": "3063",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3063"
},
{
"name": "26822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26822"
},
{
"name": "26916",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26916"
},
{
"name": "20070824 n.runs-SA-2007.025 - ClamAV Remote Code Execution Advisory",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/477723/100/0/threaded"
},
{
"name": "26683",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26683"
},
{
"name": "http://www.nruns.com/security_advisory_clamav_remote_code_exection.php",
"refsource": "MISC",
"url": "http://www.nruns.com/security_advisory_clamav_remote_code_exection.php"
},
{
"name": "FEDORA-2007-2050",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"
},
{
"name": "DSA-1366",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1366"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "2007-0026",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "SUSE-SR:2007:018",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "26751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26751"
},
{
"name": "1018610",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1018610"
},
{
"name": "26654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26654"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "MDKSA-2007:172",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"
},
{
"name": "26674",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26674"
},
{
"name": "25439",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25439"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4560",
"datePublished": "2007-08-28T01:00:00",
"dateReserved": "2007-08-27T00:00:00",
"dateUpdated": "2024-08-07T15:01:09.618Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-4510 (GCVE-0-2007-4510)
Vulnerability from cvelistv5 – Published: 2007-08-23 19:00 – Updated: 2024-08-07 15:01
VLAI?
Summary
ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T15:01:09.587Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "clamav-rtf-dos(36173)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36173"
},
{
"name": "GLSA-200709-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"
},
{
"name": "26552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26552"
},
{
"name": "26822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26822"
},
{
"name": "26916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26916"
},
{
"name": "25398",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/25398"
},
{
"name": "26683",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26683"
},
{
"name": "FEDORA-2007-2050",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"
},
{
"name": "DSA-1366",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1366"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-17.txt"
},
{
"name": "3054",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3054"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "26530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26530"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=611"
},
{
"name": "2007-0026",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "SUSE-SR:2007:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=582"
},
{
"name": "26751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26751"
},
{
"name": "26654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26654"
},
{
"name": "clamav-clihtmlnormalise-dos(36177)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36177"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "MDKSA-2007:172",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=533658"
},
{
"name": "ADV-2007-2952",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2952"
},
{
"name": "26674",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26674"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-08-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "clamav-rtf-dos(36173)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36173"
},
{
"name": "GLSA-200709-14",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"
},
{
"name": "26552",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26552"
},
{
"name": "26822",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26822"
},
{
"name": "26916",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26916"
},
{
"name": "25398",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/25398"
},
{
"name": "26683",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26683"
},
{
"name": "FEDORA-2007-2050",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"
},
{
"name": "DSA-1366",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1366"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-17.txt"
},
{
"name": "3054",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3054"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "26530",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26530"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=611"
},
{
"name": "2007-0026",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "SUSE-SR:2007:018",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=582"
},
{
"name": "26751",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26751"
},
{
"name": "26654",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26654"
},
{
"name": "clamav-clihtmlnormalise-dos(36177)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36177"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "MDKSA-2007:172",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=533658"
},
{
"name": "ADV-2007-2952",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2952"
},
{
"name": "26674",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26674"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-4510",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ClamAV before 0.91.2, as used in Kolab Server 2.0 through 2.2beta1 and other products, allows remote attackers to cause a denial of service (application crash) via (1) a crafted RTF file, which triggers a NULL dereference in the cli_scanrtf function in libclamav/rtf.c; or (2) a crafted HTML document with a data: URI, which triggers a NULL dereference in the cli_html_normalise function in libclamav/htmlnorm.c. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "clamav-rtf-dos(36173)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36173"
},
{
"name": "GLSA-200709-14",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200709-14.xml"
},
{
"name": "26552",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26552"
},
{
"name": "26822",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26822"
},
{
"name": "26916",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26916"
},
{
"name": "25398",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/25398"
},
{
"name": "26683",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26683"
},
{
"name": "FEDORA-2007-2050",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00104.html"
},
{
"name": "DSA-1366",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1366"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-17.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-17.txt"
},
{
"name": "3054",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3054"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "26530",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26530"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=611",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=611"
},
{
"name": "2007-0026",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0026/"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "SUSE-SR:2007:018",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_18_sr.html"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=582",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=582"
},
{
"name": "26751",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26751"
},
{
"name": "26654",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26654"
},
{
"name": "clamav-clihtmlnormalise-dos(36177)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/36177"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "MDKSA-2007:172",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:172"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=533658",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=533658"
},
{
"name": "ADV-2007-2952",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2952"
},
{
"name": "26674",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26674"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-4510",
"datePublished": "2007-08-23T19:00:00",
"dateReserved": "2007-08-23T00:00:00",
"dateUpdated": "2024-08-07T15:01:09.587Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3725 (GCVE-0-2007-3725)
Vulnerability from cvelistv5 – Published: 2007-07-12 16:00 – Updated: 2024-08-07 14:28
VLAI?
Summary
The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:28:51.691Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "26231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26231"
},
{
"name": "clamav-rarvm-dos(35367)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35367"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-16.txt"
},
{
"name": "ADV-2007-2509",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2509"
},
{
"name": "26164",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26164"
},
{
"name": "DSA-1340",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1340"
},
{
"name": "26226",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26226"
},
{
"name": "26038",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26038"
},
{
"name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC",
"x_transferred"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064569.html"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "GLSA-200708-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200708-04.xml"
},
{
"name": "36907",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36907"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555"
},
{
"name": "MDKSA-2007:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:150"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "2007-0023",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0023/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.metaeye.org/advisories/54"
},
{
"name": "26209",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26209"
},
{
"name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/473371/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "26377",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/26377"
},
{
"name": "ADV-2007-2643",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/2643"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-07-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "26231",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26231"
},
{
"name": "clamav-rarvm-dos(35367)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35367"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-16.txt"
},
{
"name": "ADV-2007-2509",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2509"
},
{
"name": "26164",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26164"
},
{
"name": "DSA-1340",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1340"
},
{
"name": "26226",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26226"
},
{
"name": "26038",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26038"
},
{
"name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_FULLDISC"
],
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064569.html"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "GLSA-200708-04",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200708-04.xml"
},
{
"name": "36907",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36907"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555"
},
{
"name": "MDKSA-2007:150",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:150"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "2007-0023",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0023/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.metaeye.org/advisories/54"
},
{
"name": "26209",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26209"
},
{
"name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/473371/100/0/threaded"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "26377",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/26377"
},
{
"name": "ADV-2007-2643",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/2643"
},
{
"name": "SUSE-SR:2007:015",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3725",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The RAR VM (unrarvm.c) in Clam Antivirus (ClamAV) before 0.91 allows user-assisted remote attackers to cause a denial of service (crash) via a crafted RAR archive, resulting in a NULL pointer dereference."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "26231",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26231"
},
{
"name": "clamav-rarvm-dos(35367)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/35367"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-16.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-16.txt"
},
{
"name": "ADV-2007-2509",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2509"
},
{
"name": "26164",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26164"
},
{
"name": "DSA-1340",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1340"
},
{
"name": "26226",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26226"
},
{
"name": "26038",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26038"
},
{
"name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
"refsource": "FULLDISC",
"url": "http://lists.grok.org.uk/pipermail/full-disclosure/2007-July/064569.html"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "GLSA-200708-04",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200708-04.xml"
},
{
"name": "36907",
"refsource": "OSVDB",
"url": "http://osvdb.org/36907"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=555"
},
{
"name": "MDKSA-2007:150",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:150"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "2007-0023",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0023/"
},
{
"name": "http://www.metaeye.org/advisories/54",
"refsource": "MISC",
"url": "http://www.metaeye.org/advisories/54"
},
{
"name": "26209",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26209"
},
{
"name": "20070711 Advisory - Clam AntiVirus RAR File Handling Denial Of Service Vulnerability.",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/473371/100/0/threaded"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "26377",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/26377"
},
{
"name": "ADV-2007-2643",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/2643"
},
{
"name": "SUSE-SR:2007:015",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_15_sr.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3725",
"datePublished": "2007-07-12T16:00:00",
"dateReserved": "2007-07-11T00:00:00",
"dateUpdated": "2024-08-07T14:28:51.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3024 (GCVE-0-2007-3024)
Vulnerability from cvelistv5 – Published: 2007-06-07 22:00 – Updated: 2024-08-07 13:57
VLAI?
Summary
libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:55.119Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25796"
},
{
"name": "SUSE-SA:2007:033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25525"
},
{
"name": "25523",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25688"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=517"
},
{
"name": "24358",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24358"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-06-22T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25796"
},
{
"name": "SUSE-SA:2007:033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25525"
},
{
"name": "25523",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25688"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=517"
},
{
"name": "24358",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24358"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "libclamav/others.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 uses insecure permissions for temporary files that are created by the cli_gentempstream function in clamd/clamdscan, which might allow local users to read sensitive files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25796"
},
{
"name": "SUSE-SA:2007:033",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25525"
},
{
"name": "25523",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-15.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25688"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"refsource": "MLIST",
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=517",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=517"
},
{
"name": "24358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24358"
},
{
"name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3024",
"datePublished": "2007-06-07T22:00:00",
"dateReserved": "2007-06-04T00:00:00",
"dateUpdated": "2024-08-07T13:57:55.119Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3025 (GCVE-0-2007-3025)
Vulnerability from cvelistv5 – Published: 2007-06-07 22:00 – Updated: 2024-09-17 03:08
VLAI?
Summary
Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:55.042Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25525"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-06-07T22:00:00Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25525"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3025",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Unspecified vulnerability in libclamav/phishcheck.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1, when running on Solaris, allows remote attackers to cause a denial of service (hang) via unknown vectors related to the isURL function and regular expressions."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25525"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-15.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"refsource": "MLIST",
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3025",
"datePublished": "2007-06-07T22:00:00Z",
"dateReserved": "2007-06-04T00:00:00Z",
"dateUpdated": "2024-09-17T03:08:16.970Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3123 (GCVE-0-2007-3123)
Vulnerability from cvelistv5 – Published: 2007-06-07 21:00 – Updated: 2024-08-07 14:05
VLAI?
Summary
unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:29.315Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25796"
},
{
"name": "24289",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24289"
},
{
"name": "35522",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/35522"
},
{
"name": "SUSE-SA:2007:033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25525"
},
{
"name": "25523",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=521"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25688"
},
{
"name": "clamav-rar-dos(34778)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34778"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25796"
},
{
"name": "24289",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24289"
},
{
"name": "35522",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/35522"
},
{
"name": "SUSE-SA:2007:033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25525"
},
{
"name": "25523",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=521"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25688"
},
{
"name": "clamav-rar-dos(34778)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34778"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3123",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "unrar.c in libclamav in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to cause a denial of service (core dump) via a crafted RAR file with a modified vm_codesize value, which triggers a heap-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25796"
},
{
"name": "24289",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24289"
},
{
"name": "35522",
"refsource": "OSVDB",
"url": "http://osvdb.org/35522"
},
{
"name": "SUSE-SA:2007:033",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25525"
},
{
"name": "25523",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=521",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=521"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-15.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25688"
},
{
"name": "clamav-rar-dos(34778)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34778"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"refsource": "MLIST",
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3123",
"datePublished": "2007-06-07T21:00:00",
"dateReserved": "2007-06-07T00:00:00",
"dateUpdated": "2024-08-07T14:05:29.315Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3023 (GCVE-0-2007-3023)
Vulnerability from cvelistv5 – Published: 2007-06-07 21:00 – Updated: 2024-08-07 13:57
VLAI?
Summary
unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:57:54.975Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "36908",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/36908"
},
{
"name": "25796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25796"
},
{
"name": "SUSE-SA:2007:033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25525"
},
{
"name": "25523",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=464"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25688"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"name": "24358",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/24358"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2007-06-22T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "36908",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/36908"
},
{
"name": "25796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25796"
},
{
"name": "SUSE-SA:2007:033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25525"
},
{
"name": "25523",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=464"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25688"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"name": "24358",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/24358"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3023",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "unsp.c in ClamAV before 0.90.3 and 0.91 before 0.91rc1 does not properly calculate the end of a certain buffer, with unknown impact and remote attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "36908",
"refsource": "OSVDB",
"url": "http://osvdb.org/36908"
},
{
"name": "25796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25796"
},
{
"name": "SUSE-SA:2007:033",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25525"
},
{
"name": "25523",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=464",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=464"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-15.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25688"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"refsource": "MLIST",
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"name": "24358",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/24358"
},
{
"name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3023",
"datePublished": "2007-06-07T21:00:00",
"dateReserved": "2007-06-04T00:00:00",
"dateUpdated": "2024-08-07T13:57:54.975Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-3122 (GCVE-0-2007-3122)
Vulnerability from cvelistv5 – Published: 2007-06-07 21:00 – Updated: 2024-08-07 14:05
VLAI?
Summary
The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T14:05:28.300Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25796"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=511"
},
{
"name": "SUSE-SA:2007:033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25525"
},
{
"name": "clamav-rar-security-bypass(34823)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34823"
},
{
"name": "25523",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25688"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"name": "45392",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/45392"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-05-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25796",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25796"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=511"
},
{
"name": "SUSE-SA:2007:033",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25525"
},
{
"name": "clamav-rar-security-bypass(34823)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34823"
},
{
"name": "25523",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25688"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"name": "45392",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/45392"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-3122",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The parsing engine in ClamAV before 0.90.3 and 0.91 before 0.91rc1 allows remote attackers to bypass scanning via a RAR file with a header flag value of 10, which can be processed by WinRAR."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25796",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25796"
},
{
"name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=511",
"refsource": "CONFIRM",
"url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=511"
},
{
"name": "SUSE-SA:2007:033",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_33_clamav.html"
},
{
"name": "25525",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25525"
},
{
"name": "clamav-rar-security-bypass(34823)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34823"
},
{
"name": "25523",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25523"
},
{
"name": "DSA-1320",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1320"
},
{
"name": "http://kolab.org/security/kolab-vendor-notice-15.txt",
"refsource": "CONFIRM",
"url": "http://kolab.org/security/kolab-vendor-notice-15.txt"
},
{
"name": "25688",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25688"
},
{
"name": "[Clamav-announce] 20070530 announcing ClamAV 0.90.3",
"refsource": "MLIST",
"url": "http://lurker.clamav.net/message/20070530.224918.5c64abc4.en.html"
},
{
"name": "45392",
"refsource": "OSVDB",
"url": "http://osvdb.org/45392"
},
{
"name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
"refsource": "CONFIRM",
"url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
},
{
"name": "GLSA-200706-05",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200706-05.xml"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-3122",
"datePublished": "2007-06-07T21:00:00",
"dateReserved": "2007-06-07T00:00:00",
"dateUpdated": "2024-08-07T14:05:28.300Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-2029 (GCVE-0-2007-2029)
Vulnerability from cvelistv5 – Published: 2007-04-30 22:00 – Updated: 2024-08-07 13:23
VLAI?
Summary
File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:23:50.258Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "clamav-pdfhandler-dos(34083)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34083"
},
{
"name": "34916",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34916"
},
{
"name": "MDKSA-2007:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"name": "23656",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23656"
},
{
"name": "25189",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25189"
},
{
"name": "25028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25028"
},
{
"name": "DSA-1281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1281"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-25T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "clamav-pdfhandler-dos(34083)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34083"
},
{
"name": "34916",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34916"
},
{
"name": "MDKSA-2007:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"name": "23656",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23656"
},
{
"name": "25189",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25189"
},
{
"name": "25028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25028"
},
{
"name": "DSA-1281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1281"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-2029",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "File descriptor leak in the PDF handler in Clam AntiVirus (ClamAV) allows remote attackers to cause a denial of service via a crafted PDF file."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "clamav-pdfhandler-dos(34083)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/34083"
},
{
"name": "34916",
"refsource": "OSVDB",
"url": "http://osvdb.org/34916"
},
{
"name": "MDKSA-2007:098",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"name": "23656",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23656"
},
{
"name": "25189",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25189"
},
{
"name": "25028",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25028"
},
{
"name": "DSA-1281",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1281"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-2029",
"datePublished": "2007-04-30T22:00:00",
"dateReserved": "2007-04-13T00:00:00",
"dateUpdated": "2024-08-07T13:23:50.258Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1997 (GCVE-0-2007-1997)
Vulnerability from cvelistv5 – Published: 2007-04-16 21:00 – Updated: 2024-08-07 13:13
VLAI?
Summary
Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:13:42.010Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25022",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25022"
},
{
"name": "2007-0013",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0013/"
},
{
"name": "clamav-cabunstore-cabextract-bo(33637)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33637"
},
{
"name": "1017921",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://www.securitytracker.com/id?1017921"
},
{
"name": "20070416 Clam AntiVirus ClamAV CAB File Unstore Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE",
"x_transferred"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=513"
},
{
"name": "23473",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23473"
},
{
"name": "24996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24996"
},
{
"name": "MDKSA-2007:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "SUSE-SA:2007:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "25189",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25189"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=500765"
},
{
"name": "ADV-2007-1378",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1378"
},
{
"name": "25028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25028"
},
{
"name": "GLSA-200704-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"
},
{
"name": "24946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24946"
},
{
"name": "DSA-1281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1281"
},
{
"name": "24920",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24920"
},
{
"name": "24891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25022",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25022"
},
{
"name": "2007-0013",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0013/"
},
{
"name": "clamav-cabunstore-cabextract-bo(33637)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33637"
},
{
"name": "1017921",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://www.securitytracker.com/id?1017921"
},
{
"name": "20070416 Clam AntiVirus ClamAV CAB File Unstore Buffer Overflow Vulnerability",
"tags": [
"third-party-advisory",
"x_refsource_IDEFENSE"
],
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=513"
},
{
"name": "23473",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23473"
},
{
"name": "24996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24996"
},
{
"name": "MDKSA-2007:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "SUSE-SA:2007:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "25189",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25189"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=500765"
},
{
"name": "ADV-2007-1378",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1378"
},
{
"name": "25028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25028"
},
{
"name": "GLSA-200704-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"
},
{
"name": "24946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24946"
},
{
"name": "DSA-1281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1281"
},
{
"name": "24920",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24920"
},
{
"name": "24891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1997",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Integer signedness error in the (1) cab_unstore and (2) cab_extract functions in libclamav/cab.c in Clam AntiVirus (ClamAV) before 0.90.2 allow remote attackers to execute arbitrary code via a crafted CHM file that contains a negative integer, which passes a signed comparison and leads to a stack-based buffer overflow."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25022"
},
{
"name": "2007-0013",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0013/"
},
{
"name": "clamav-cabunstore-cabextract-bo(33637)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33637"
},
{
"name": "1017921",
"refsource": "SECTRACK",
"url": "http://www.securitytracker.com/id?1017921"
},
{
"name": "20070416 Clam AntiVirus ClamAV CAB File Unstore Buffer Overflow Vulnerability",
"refsource": "IDEFENSE",
"url": "http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=513"
},
{
"name": "23473",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23473"
},
{
"name": "24996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24996"
},
{
"name": "MDKSA-2007:098",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "SUSE-SA:2007:026",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "25189",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25189"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=500765",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=500765"
},
{
"name": "ADV-2007-1378",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1378"
},
{
"name": "25028",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25028"
},
{
"name": "GLSA-200704-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"
},
{
"name": "24946",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24946"
},
{
"name": "DSA-1281",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1281"
},
{
"name": "24920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24920"
},
{
"name": "24891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1997",
"datePublished": "2007-04-16T21:00:00",
"dateReserved": "2007-04-12T00:00:00",
"dateUpdated": "2024-08-07T13:13:42.010Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-1745 (GCVE-0-2007-1745)
Vulnerability from cvelistv5 – Published: 2007-04-16 21:00 – Updated: 2024-08-07 13:06
VLAI?
Summary
The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T13:06:26.233Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "25022",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25022"
},
{
"name": "34913",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/34913"
},
{
"name": "2007-0013",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX",
"x_transferred"
],
"url": "http://www.trustix.org/errata/2007/0013/"
},
{
"name": "23473",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/23473"
},
{
"name": "24996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24996"
},
{
"name": "MDKSA-2007:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "SUSE-SA:2007:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE",
"x_transferred"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "25189",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25189"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "clamav-chmdecompressstream-dos(33636)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33636"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=500765"
},
{
"name": "ADV-2007-1378",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2007/1378"
},
{
"name": "25028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/25028"
},
{
"name": "GLSA-200704-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"
},
{
"name": "24946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24946"
},
{
"name": "DSA-1281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2007/dsa-1281"
},
{
"name": "24920",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24920"
},
{
"name": "24891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/24891"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-04-13T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-07-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "25022",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25022"
},
{
"name": "34913",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/34913"
},
{
"name": "2007-0013",
"tags": [
"vendor-advisory",
"x_refsource_TRUSTIX"
],
"url": "http://www.trustix.org/errata/2007/0013/"
},
{
"name": "23473",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/23473"
},
{
"name": "24996",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24996"
},
{
"name": "MDKSA-2007:098",
"tags": [
"vendor-advisory",
"x_refsource_MANDRIVA"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"name": "ADV-2008-0924",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "SUSE-SA:2007:026",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"
},
{
"name": "29420",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"tags": [
"vendor-advisory",
"x_refsource_APPLE"
],
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "25189",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25189"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "clamav-chmdecompressstream-dos(33636)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33636"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://sourceforge.net/project/shownotes.php?release_id=500765"
},
{
"name": "ADV-2007-1378",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2007/1378"
},
{
"name": "25028",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/25028"
},
{
"name": "GLSA-200704-21",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"
},
{
"name": "24946",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24946"
},
{
"name": "DSA-1281",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2007/dsa-1281"
},
{
"name": "24920",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24920"
},
{
"name": "24891",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/24891"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-1745",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The chm_decompress_stream function in libclamav/chmunpack.c in Clam AntiVirus (ClamAV) before 0.90.2 leaks file descriptors, which has unknown impact and attack vectors involving a crafted CHM file, a different vulnerability than CVE-2007-0897. NOTE: some of these details are obtained from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "25022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25022"
},
{
"name": "34913",
"refsource": "OSVDB",
"url": "http://osvdb.org/34913"
},
{
"name": "2007-0013",
"refsource": "TRUSTIX",
"url": "http://www.trustix.org/errata/2007/0013/"
},
{
"name": "23473",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/23473"
},
{
"name": "24996",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24996"
},
{
"name": "MDKSA-2007:098",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2007:098"
},
{
"name": "ADV-2008-0924",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/0924/references"
},
{
"name": "SUSE-SA:2007:026",
"refsource": "SUSE",
"url": "http://www.novell.com/linux/security/advisories/2007_26_clamav.html"
},
{
"name": "29420",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/29420"
},
{
"name": "APPLE-SA-2008-03-18",
"refsource": "APPLE",
"url": "http://lists.apple.com/archives/security-announce/2008/Mar/msg00001.html"
},
{
"name": "25189",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25189"
},
{
"name": "http://docs.info.apple.com/article.html?artnum=307562",
"refsource": "CONFIRM",
"url": "http://docs.info.apple.com/article.html?artnum=307562"
},
{
"name": "clamav-chmdecompressstream-dos(33636)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/33636"
},
{
"name": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html",
"refsource": "CONFIRM",
"url": "http://support.novell.com/techcenter/psdb/50a5cb718f20761dd7e0b6b4e0935c52.html"
},
{
"name": "http://sourceforge.net/project/shownotes.php?release_id=500765",
"refsource": "CONFIRM",
"url": "http://sourceforge.net/project/shownotes.php?release_id=500765"
},
{
"name": "ADV-2007-1378",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/1378"
},
{
"name": "25028",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/25028"
},
{
"name": "GLSA-200704-21",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200704-21.xml"
},
{
"name": "24946",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24946"
},
{
"name": "DSA-1281",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1281"
},
{
"name": "24920",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24920"
},
{
"name": "24891",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/24891"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-1745",
"datePublished": "2007-04-16T21:00:00",
"dateReserved": "2007-03-29T00:00:00",
"dateUpdated": "2024-08-07T13:06:26.233Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}