CVE-2008-2713

Current Description

libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read.

Referenced by CVEs: CVE-2008-3215

Basic Data

Published: June 16, 2008
Last Modified: August 08, 2017
Assigner: cve@mitre.org
Data Type: CVE
Data Format: MITRE
Data Version: 4.0
Problem Type: CWE-399
CVE Data Version: 4.0

Base Metric V2

CVSS 2 - Version: 2.0
CVSS 2 - Vector String: AV:N/AC:L/Au:N/C:N/I:N/A:P
CVSS 2 - Access Vector: NETWORK
CVSS 2 - Access Complexity: LOW
CVSS 2 - Authentication: NONE
CVSS 2 - Confidentiality Impact: NONE
CVSS 2 - Availability Impact: PARTIAL
CVSS 2 - Base Score: 5.0
Severity: MEDIUM
Exploitability Score: 10.0
Impact Score: 2.9
Obtain All Privilege: false
Obtain User Privilege: false
Obtain Other Privilege: false

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
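    | Cpe Version | Part | Vendor | Product | Version | Update | Edition | Language | SW Edition | Target SW | Target HW | Other | Version Start Including | Version End Including | Version Start Excluding | Version End Excluding |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.15 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.20 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.21 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.22 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.23 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.24 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.51 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.52 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.53 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.54 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.60 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.60p | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.65 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.67 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.68 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.68.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.70 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.71 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.72 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.73 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.74 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.75 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.75.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.80 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.80_rc1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.80_rc2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.80_rc3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.80_rc4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.81 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.81_rc1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.82 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.83 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.84 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.84_rc1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.84_rc2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.85 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.85.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.86 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.86.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.86.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.86_rc1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.87 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.87.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.88 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.88.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.88.3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.88.4 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.88.5 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.88.6 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.88.7 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.90 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.90.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.90.2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.90_rc1.1 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.90_rc2 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.90_rc3 | * | * | * | * | * | * | * | | | | |
    | 2.3 | Application | Clam Anti-virus | Clamav | 0.90rc1 | * | * | * | * | * | * | * | | | | |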

Vulnerable Software List

| Vendor | Product | Versions |
| Clam Anti-virus | Clamav | 0.15, 0.20, 0.21, 0.22, 0.23, 0.24, 0.51, 0.52, 0.53, 0.54, 0.60, 0.60p, 0.65, 0.67, 0.68, 0.68.1, 0.70, 0.71, 0.72, 0.73, 0.74, 0.75, 0.75.1, 0.80, 0.80_rc1, 0.80_rc2, 0.80_rc3, 0.80_rc4, 0.81, 0.81_rc1, 0.82, 0.83, 0.84, 0.84_rc1, 0.84_rc2, 0.85, 0.85.1, 0.86, 0.86.1, 0.86.2, 0.86_rc1, 0.87, 0.87.1, 0.88, 0.88.1, 0.88.3, 0.88.4, 0.88.5, 0.88.6, 0.88.7, 0.90, 0.90.1, 0.90.2, 0.90_rc1.1, 0.90_rc2, 0.90_rc3, 0.90rc1 |

References

| Name | URL | Source | Tags |
| http://kolab.org/security/kolab-vendor-notice-21.txt | http://kolab.org/security/kolab-vendor-notice-21.txt | CONFIRM | |
| APPLE-SA-2008-09-15 | http://lists.apple.com/archives/security-announce//2008/Sep/msg00005.html | APPLE | |
| SUSE-SR:2008:014 | http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html | SUSE | |
| SUSE-SR:2008:015 | http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00006.html | SUSE | |
| 30657 | http://secunia.com/advisories/30657 | SECUNIA | |
| 30785 | http://secunia.com/advisories/30785 | SECUNIA | |
| 30829 | http://secunia.com/advisories/30829 | SECUNIA | |
| 30967 | http://secunia.com/advisories/30967 | SECUNIA | |
| 31091 | http://secunia.com/advisories/31091 | SECUNIA | |
| 31167 | http://secunia.com/advisories/31167 | SECUNIA | |
| 31206 | http://secunia.com/advisories/31206 | SECUNIA | |
| 31437 | http://secunia.com/advisories/31437 | SECUNIA | |
| 31576 | http://secunia.com/advisories/31576 | SECUNIA | |
| 31882 | http://secunia.com/advisories/31882 | SECUNIA | |
| GLSA-200808-07 | http://security.gentoo.org/glsa/glsa-200808-07.xml | GENTOO | |
| http://sourceforge.net/project/shownotes.php?release_id=605577&group_id=86638 | http://sourceforge.net/project/shownotes.php?release_id=605577&group_id=86638 | CONFIRM | |
| http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3886 | http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&re | CONFIRM | Exploit |
| http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html | http://up2date.astaro.com/2008/08/up2date_asg_v7300_ga_released.html | CONFIRM | |
| DSA-1616 | http://www.debian.org/security/2008/dsa-1616 | DEBIAN | |
| MDVSA-2008:122 | http://www.mandriva.com/security/advisories?name=MDVSA-2008:122 | MANDRIVA | |
| [oss-security] 20080615 CVE id request: Clamav | http://www.openwall.com/lists/oss-security/2008/06/15/2 | MLIST | |
| [oss-security] 20080617 Re: CVE id request: Clamav | http://www.openwall.com/lists/oss-security/2008/06/17/8 | MLIST | |
| 29750 | http://www.securityfocus.com/bid/29750 | BID | |
| 1020305 | http://www.securitytracker.com/id?1020305 | SECTRACK | |
| TA08-260A | http://www.us-cert.gov/cas/techalerts/TA08-260A.html | CERT | US Government Resource |
| ADV-2008-1855 | http://www.vupen.com/english/advisories/2008/1855/references | VUPEN | |
| ADV-2008-2584 | http://www.vupen.com/english/advisories/2008/2584 | VUPEN | |
| clamav-petite-dos(43133) | https://exchange.xforce.ibmcloud.com/vulnerabilities/43133 | XF | |
| FEDORA-2008-6422 | https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00617.html | FEDORA | |
| FEDORA-2008-5476 | https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00763.html | FEDORA | |
| https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000 | https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1000 | CONFIRM | |