CVE-2008-2713

Publication date 16 June 2008

Last updated 24 July 2024

libclamav/petite.c in ClamAV before 0.93.1 allows remote attackers to cause a denial of service via a crafted Petite file that triggers an out-of-bounds read.

Read the notes from the security team

Status

Show unmaintained releases

Package	Ubuntu Release	Status
clamav	8.04 LTS hardy	Fixed 0.92.1~dfsg2-1.1ubuntu0.2
	7.10 gutsy	Fixed 0.92.1~dfsg2-1.1~gutsy3.1
	7.04 feisty	Fixed 0.92.1~dfsg2-1.1~feisty3.1
	6.06 LTS dapper	Fixed 0.92.1~dfsg2-1.1~dapper3.1

How can I get the fixes?
What do statuses mean?
Patch details

Notes

jdstrand

249316 has a more complete patch

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
clamav	Upstream: http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/branches/0.93/libclamav/petite.c&rev=3886 Debdiff: https://bugs.launchpad.net/ubuntu/hardy/+source/clamav/+bug/249316

References

MITRE
NVD
Launchpad
Debian

Other references

https://www.cve.org/CVERecord?id=CVE-2008-2713