CVE-2008-0318

Integer overflow in the cli_scanpe function in libclamav in ClamAV before 0.92.1, as used in clamd, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a crafted Petite packed PE file, which triggers a heap-based buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
10 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:C/I:C/A:C
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
clam_anti-virusclamav
𝑥
≤ 0.92
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
clamav
bullseye
0.103.10+dfsg-0+deb11u1
fixed
bookworm
1.0.5+dfsg-1~deb12u1
fixed
sid
1.4.1+dfsg-1
fixed
trixie
1.4.1+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
clamav
gutsy
Fixed 0.91.2-3ubuntu2.3
released
feisty
Fixed 0.90.2-0ubuntu1.6
released
edgy
ignored
dapper
Fixed 0.92~dfsg-2~dapper1ubuntu0.1
released
Common Weakness Enumeration
References