
CVE-2008-5050

Published: 13/11/2008 Updated: 11/10/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 828
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) prior to 0.94.1 allows remote malicious users to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.

Vulnerable Product

clam anti-virus clamav 0.85.1

clam anti-virus clamav 0.85

clam anti-virus clamav 0.81

clam anti-virus clamav 0.80_rc4

clam anti-virus clamav 0.73

clam anti-virus clamav 0.74

clam anti-virus clamav 0.65

clam anti-virus clamav 0.54

clam anti-virus clamav 0.90

clam anti-virus clamav 0.90_rc1.1

clam anti-virus clamav 0.88

clam anti-virus clamav 0.88.1

clam anti-virus clamav 0.88.3

clam anti-virus clamav 0.90rc1

clam anti-virus clamav 0.91rc1

clam anti-virus clamav 0.90.3

clam anti-virus clamav 0.03

clam anti-virus clamav 0.04

clam anti-virus clamav 0.05

clam anti-virus clamav 0.91.1

clam anti-virus clamav 0.06

clam anti-virus clamav 0.92.1

clam anti-virus clamav 0.20

clam anti-virus clamav 0.21

clam anti-virus clamav 0.86_rc1

clam anti-virus clamav 0.86

clam anti-virus clamav 0.82

clam anti-virus clamav 0.81_rc1

clam anti-virus clamav 0.75.1

clam anti-virus clamav 0.60p

clam anti-virus clamav 0.68

clam anti-virus clamav 0.88.7

clam anti-virus clamav 0.87

clam anti-virus clamav 0.87.1

clam anti-virus clamav 0.91rc2

clam anti-virus clamav 0.91

clam anti-virus clamav 0.91.2

clam anti-virus clamav 0.92

clam anti-virus clamav 0.02

clam anti-virus clamav 0.84

clam anti-virus clamav 0.14

clam anti-virus clamav 0.10

clam anti-virus clamav 0.51

clam anti-virus clamav 0.52

clam anti-virus clamav 0.53

clam anti-virus clamav

clam anti-virus clamav 0.84_rc2

clam anti-virus clamav 0.84_rc1

clam anti-virus clamav 0.80_rc3

clam anti-virus clamav 0.80_rc2

clam anti-virus clamav 0.71

clam anti-virus clamav 0.72

clam anti-virus clamav 0.80

clam anti-virus clamav 0.60

clam anti-virus clamav 0.68.1

clam anti-virus clamav 0.90_rc2

clam anti-virus clamav 0.90_rc3

clam anti-virus clamav 0.88.4

clam anti-virus clamav 0.93

clam anti-virus clamav 0.93.2

clam anti-virus clamav 0.90.1

clam anti-virus clamav 0.90.2

clam anti-virus clamav 0.12

clam anti-virus clamav 0.11

clam anti-virus clamav 0.22

clam anti-virus clamav 0.23

clam anti-virus clamav 0.86.2

clam anti-virus clamav 0.86.1

clam anti-virus clamav 0.83

clam anti-virus clamav 0.80_rc1

clam anti-virus clamav 0.75

clam anti-virus clamav 0.70

clam anti-virus clamav 0.67

clam anti-virus clamav 0.88.5

clam anti-virus clamav 0.88.6

clam anti-virus clamav 0.88.2

clam anti-virus clamav 0.01

clam anti-virus clamav 0.13

clam anti-virus clamav 0.15

clam anti-virus clamav 0.24

clam anti-virus clamav 0.93.1

clam anti-virus clamav 0.93.3

Vendor Advisories

Moritz Jodeit discovered that ClamAV did not correctly handle certain strings when examining a VBA project. If a remote attacker tricked ClamAV into processing a malicious VBA file, ClamAV would crash, leading to a denial of service ...
Debian Bug report logs - #505134 clamav: ClamAV get_unicode_name() off-by-one buffer overflow Package: clamav; Maintainer for clamav is ClamAV Team <pkg-clamav-devel@listsaliothdebianorg>; Source for clamav is src:clamav Reported by: Stefan Fritsch <sf@sfritschde> Date: Sun, 9 Nov 2008 18:5 ...
Debian Bug report logs - #507624 clamav: recursive stack overflow in jpeg parsing code Package: clamav; Maintainer for clamav is ClamAV Team <pkg-clamav-devel@listsaliothdebianorg>; Source for clamav is src:clamav Reported by: "Michael Gilbert" <michaelsgilbert@gmailcom> Date: Wed, 3 Dec ...