9.3 High
CVSS2
Access Vector
NETWORK
Access Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
0.162 Low
EPSS
Percentile
95.2%
Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers
from an off-by-one-error in its VBA project file processing, leading to
a heap-based buffer overflow and potentially arbitrary code execution
(CVE-2008-5050).
Ilja van Sprundel discovered that ClamAV contains a denial of service
condition in its JPEG file processing because it does not limit the
recursion depth when processing JPEG thumbnails (CVE-2008-5314).
For the stable distribution (etch), these problems have been fixed in
version 0.90.1dfsg-4etch16.
For the unstable distribution (sid), these problems have been fixed in
version 0.94.dfsg.2-1.
The testing distribution (lenny) will be fixed soon.
We recommend that you upgrade your clamav packages.