CVE-2008-1100Improper Restriction of Operations within the Bounds of a Memory Buffer in Anti-virus Clamav

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents7 sources
Severity
10.0CRITICALNVD
EPSS
14.6%
top 5.51%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
ClamavClam Anti-virus Clamav
Timeline
PublishedApr 14
Latest updateMay 1

Description

Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for ClamAV 0.92 and 0.92.1 allows remote attackers to execute arbitrary code via a crafted Upack PE file.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages2 packages

Debianclamav/clamav< 0.92.1~dfsg2-1+3
NVDclam_anti-virus/clamav0.92, 0.92.1+1

🔴Vulnerability Details

3
GHSA
GHSA-fj93-3fq7-589r: Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe2022-05-01
OSV
CVE-2008-1100: Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe2008-04-14
CVEList
CVE-2008-1100: Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe2008-04-14

📋Vendor Advisories

2
Red Hat
clamav: Upack Processing Buffer Overflow Vulnerability2008-04-14
Debian
CVE-2008-1100: clamav - Buffer overflow in the cli_scanpe function in libclamav (libclamav/pe.c) for Cla...2008

💬Community

1
Bugzilla
CVE-2008-1100 clamav: Upack Processing Buffer Overflow Vulnerability2008-04-14
CVE-2008-1100 — Clam Anti-virus Clamav vulnerability | cvebase