CVE-2008-5314

MEDIUM

Description

Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions.

References

http://lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

http://lists.opensuse.org/opensuse-security-announce/2008-12/msg00003.html

http://lurker.clamav.net/message/20081126.150241.55b1e092.en.html

http://osvdb.org/50363

http://secunia.com/advisories/32926

http://secunia.com/advisories/32936

http://secunia.com/advisories/33016

http://secunia.com/advisories/33195

http://secunia.com/advisories/33317

http://secunia.com/advisories/33937

http://security.gentoo.org/glsa/glsa-200812-21.xml

http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=643134

http://support.apple.com/kb/HT3438

http://www.debian.org/security/2008/dsa-1680

http://www.mandriva.com/security/advisories?name=MDVSA-2008:239

http://www.openwall.com/lists/oss-security/2008/12/01/8

http://www.securityfocus.com/bid/32555

http://www.securitytracker.com/id?1021296

http://www.ubuntu.com/usn/usn-684-1

http://www.vupen.com/english/advisories/2008/3311

http://www.vupen.com/english/advisories/2009/0422

https://exchange.xforce.ibmcloud.com/vulnerabilities/46985

https://www.exploit-db.com/exploits/7330

https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1266

Details

Source: MITRE

Published: 2008-12-03

Updated: 2017-09-29

Type: CWE-399

Risk Information

CVSS v2.0

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.80:rc:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.80:rc2:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.80:rc3:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.80:rc4:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.81:rc1:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.84:rc1:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.84:rc2:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.86:rc1:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.88.2:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.88.3:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.88.4:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.88.5:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.88.7:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.90.3:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.91:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.91.1:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.91.2:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.92.1:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.93:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.93.1:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.93.3:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:0.94:*:*:*:*:*:*:*

cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:* versions up to 0.94.1 (inclusive)

Tenable Plugins

View all (11 total)

IDNameProductFamilySeverity
41485SuSE 10 Security Update : ClamAV (ZYPP Patch Number 5842)NessusSuSE Local Security Checks
medium
41262SuSE9 Security Update : ClamAV (YOU Patch Number 12318)NessusSuSE Local Security Checks
medium
39933openSUSE Security Update : clamav (clamav-357)NessusSuSE Local Security Checks
medium
37977Ubuntu 8.10 : clamav vulnerability (USN-684-1)NessusUbuntu Local Security Checks
medium
37414Mandriva Linux Security Advisory : clamav (MDVSA-2008:239)NessusMandriva Local Security Checks
medium
35684Mac OS X Multiple Vulnerabilities (Security Update 2009-001)NessusMacOS X Local Security Checks
critical
35268GLSA-200812-21 : ClamAV: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
35103openSUSE 10 Security Update : clamav (clamav-5843)NessusSuSE Local Security Checks
medium
35033Debian DSA-1680-1 : clamav - buffer overflow, stack consumptionNessusDebian Local Security Checks
high
35009ClamAV < 0.94.2 cli_check_jpeg_exploit() Malformed JPEG File DoSNessusGain a shell remotely
medium
4776ClamAV < 0.94.2 cli_check_jpeg_exploit() Malformed JPEG File DoS (deprecated)Nessus Network MonitorWeb Clients
medium