CVE-2008-2713

Published: 16 June 2008

libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read.

Notes

Author	Note
jdstrand	249316 has a more complete patch

Priority

Status

Package	Release	Status
clamav Launchpad, Ubuntu, Debian	dapper	Released (0.92.1~dfsg2-1.1~dapper3.1)
	feisty	Released (0.92.1~dfsg2-1.1~feisty3.1)
	gutsy	Released (0.92.1~dfsg2-1.1~gutsy3.1)
	hardy	Released (0.92.1~dfsg2-1.1ubuntu0.2)
	upstream	Released (0.93.1)
	Patches: upstream: http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3886 debdiff: https://bugs.launchpad.net/ubuntu/hardy/+source/clamav/+bug/249316

References

https://www.cve.org/CVERecord?id=CVE-2008-2713
NVD
Launchpad
Debian

Bugs

https://bugs.edge.launchpad.net/ubuntu/+source/clamav/+bug/238575
https://bugs.launchpad.net/ubuntu/hardy/+source/clamav/+bug/249316

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›