CVE-2008-1389 — Anti-virus Clamav vulnerability

CWE-3997 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

8.2%

top 7.80%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Clamav Clam Anti-virus Clamav

Timeline

PublishedSep 4

Latest updateMay 1

Description

libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianclamav/clamav< 0.94.dfsg-1+3

▶NVDclam_anti-virus/clamav0.93.3+58

Patches

Patch: sourceforge.net ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-r2w2-7wgr-pq2v: libclamav/chmunpack↗2022-05-01

▶

CVEList

CVE-2008-1389: libclamav/chmunpack↗2008-09-04

▶

OSV

CVE-2008-1389: libclamav/chmunpack↗2008-09-04

▶

📋Vendor Advisories

Debian

CVE-2008-1389: clamav - libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote atta...↗2008

▶

Red Hat

clamav: multiple security fixes in 0.94 (CVE-2008-1389, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914)↗

▶

💬Community

Bugzilla

clamav: multiple security fixes in 0.94 (CVE-2008-1389, CVE-2008-3912, CVE-2008-3913, CVE-2008-3914)↗2008-09-08

▶