Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20458
HistorySep 06, 2008 - 12:00 a.m.

clamav: Crash with crafted chm, CVE-2008-1389

2008-09-0600:00:00
vulners.com
15
JSON

clamav: Crash with crafted chm, CVE-2008-1389

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1389
http://int21.de/cve/CVE-2008-1389-clamav-chd.html
http://www.int21.de/cve/cve-2008-1389-samples.tar.bz2
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089

Description

A fuzzing test showed weakness in the chm parser of clamav, which can possibly
be exploited.
The clamav team has disabled the chm module in older versions though freshclam
updates and has released 0.94 with a fixed parser.

The clamav team has not mentioned this issue in the release notes of 0.94,
which is very bad security behaviour.

Disclosure Timeline

2008-07-09: clamav bug opened
unknown date: clamav disables chm-parser through freshclam
2008-09-02 Vendor releases 0.94
2008-09-04 Released this advisory

CVE Information

The Common Vulnerabilities and Exposures (CVE) project has assigned the name
CVE-2008-1389 to this issue. This is a candidate for inclusion in the CVE
list (http://cve.mitre.org/), which standardizes names for security problems.

Credits and copyright

This vulnerability was discovered by Hanno Boeck of schokokeks.org webhosting.
It's licensed under the creative commons attribution license.

Hanno Boeck, 2008-09-04, http://www.hboeck.de

–
Hanno Bock Blog: http://www.hboeck.de/
GPG: 3DBD3B20 Jabber/Mail: [email protected]

Related

openvas 16
freebsd 1
debiancve 1
securityvulns 1
nessus 11
ubuntucve 1
checkpoint_advisories 1
seebug 1
prion 1
cve 1
redhatcve 1
gentoo 1
fedora 1
openvas
openvas
ClamAV Invalid Memory Access Denial Of Service Vulnerability
2008-09-05 00:00:00
FreeBSD Ports: clamav
2008-09-17 00:00:00
ClamAV Invalid Memory Access Denial Of Service Vulnerability
2008-09-05 00:00:00
freebsd
freebsd
clamav -- CHM Processing Denial of Service
2008-07-09 00:00:00
debiancve
debiancve
CVE-2008-1389
2008-09-04 16:41:00
securityvulns
securityvulns
ClamAV antivirus CHM files DoS
2008-09-06 00:00:00
nessus
nessus
FreeBSD : clamav -- CHM Processing Denial of Service (da5c4072-8082-11dd-9c8c-001c2514716c)
2008-09-12 00:00:00
SuSE 10 Security Update : clamav (ZYPP Patch Number 5579)
2008-09-11 00:00:00
SuSE9 Security Update : clamav (YOU Patch Number 12236)
2009-09-24 00:00:00
ubuntucve
ubuntucve
CVE-2008-1389
2008-09-04 00:00:00
checkpoint_advisories
checkpoint_advisories
ClamAV AntiVirus CHM File Handling Denial of Service (CVE-2008-1389)
2009-11-03 00:00:00
seebug
seebug
ClamAV 'chmunpack.c'非æģ•å†…å­˜čŪŋé—ŪčŋœįĻ‹æ‹’įŧæœåŠĄæžæīž
2008-09-10 00:00:00
prion
prion
Design/Logic Flaw
2008-09-04 16:41:00
cve
cve
CVE-2008-1389
2008-09-04 16:41:00
redhatcve
redhatcve
CVE-2008-1389
2019-10-04 22:00:15
gentoo
gentoo
ClamAV: Multiple Denials of Service
2008-09-25 00:00:00
fedora
fedora
[SECURITY] Fedora 9 Update: clamav-0.93.3-2.fc9
2008-11-14 12:44:50
JSON
Related for SECURITYVULNS:DOC:20458
openvas16freebsd1debiancve1securityvulns1nessus11ubuntucve1checkpoint_advisories1seebug1prion1cve1redhatcve1gentoo1fedora1