[Secure-testing-team] Bug#490925: CVE-2008-2713: DoS
Steffen Joeris
steffen.joeris at skolelinux.de
Tue Jul 15 11:35:00 UTC 2008
Package: libclamav4
Severity: grave
Tags: security, patch
Justification: user security hole
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for clamav.
CVE-2008-2713[0]:
| libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to
| cause a denial of service via a crafted Petite file that triggers an
| out-of-bounds read.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
The DTSA released for this issue seems to have been incomplete. Please
see this mail[1] and the additional upstream commit[2].
Cheers
Steffen
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-2713
    http://security-tracker.debian.net/tracker/CVE-2008-2713
[1] http://www.openwall.com/lists/oss-security/2008/07/15/1
[2] http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3920