cbcvebase.
CVE-2008-5050
published 2008-11-13

CVE-2008-5050: Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial…

PriorityP342critical9.3CVSS 2.0
AVNACMAuNCCICAC
EPSS
8.29%
94.2th percentile
Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.

Affected

87 ranges· showing 25
VendorProductVersion rangeFixed in
clam_anti-virusclamav<= 0.94
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav
clam_anti-virusclamav

CVSS provenance

nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
osv9.3CRITICAL
vendor_debian9.3CRITICAL
vendor_redhat9.3CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.