Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-5314Anti-virus Clamav vulnerability

CWE-39910 documents9 sources
Severity
4.3MEDIUMNVD
EPSS
24.6%
top 3.86%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
ClamavClam Anti-virus Clamav
Timeline
PublishedDec 3
Latest updateMay 17

Description

Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages2 packages

Debianclamav/clamav< 0.94.dfsg.2-1+3
NVDclam_anti-virus/clamav0.94.1+40

🔴Vulnerability Details

3
GHSA
GHSA-73rj-52cv-hrpx: Stack consumption vulnerability in libclamav/special2022-05-17
OSV
CVE-2008-5314: Stack consumption vulnerability in libclamav/special2008-12-03
CVEList
CVE-2008-5314: Stack consumption vulnerability in libclamav/special2008-12-03

💥Exploits & PoCs

2
Exploit-DB
TFTP Server 1.4 - ST 'RRQ' Remote Buffer Overflow2012-01-10
Exploit-DB
ClamAV < 0.94.2 - JPEG Parsing Recursive Stack Overflow (PoC)2008-12-03

📋Vendor Advisories

3
Ubuntu
ClamAV vulnerability2008-12-02
Red Hat
clamav: DoS / crash via crafted jpeg image2008-12-01
Debian
CVE-2008-5314: clamav - Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 a...2008

💬Community

1
Bugzilla
CVE-2008-5314 clamav: DoS / crash via crafted jpeg image2008-12-03
CVE-2008-5314 — Clam Anti-virus Clamav vulnerability | cvebase