16 matches found
SLES10: Security update for ClamAV
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: clamav More details may also be found by searching for the SuSE Enterprise Server 10 patch database linked in the references. SPDX-FileCopyrightText: 2009...
SLES9: Security update for ClamAV
The remote host is missing updates to packages that affect the security of your system. One or more of the following packages are affected: clamav For more information, please visit the referenced security advisories. More details may also be found by searching for keyword 5039718 within the SuSE...
ClamAV AntiVirus cli_check_jpeg_exploit Function Denial of Service (CVE-2008-5314)
ClamAV AntiVirus is an open source product that provides anti-virus scanning utilities and an anti-virus library. The product is capable of decoding and scanning several file formats including image formats like JPEG. A buffer overflow vulnerability exists in the ClamAV AntiVirus product. The...
SuSE9 Security Update : ClamAV (YOU Patch Number 12318)
Specially crafted jpg files could crash the clamd daemon of clamav. CVE-2008-5314 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid41262; scriptversion"1.8";...
SuSE 10 Security Update : ClamAV (ZYPP Patch Number 5842)
Specially crafted jpg files could crash the clamd daemon of clamav. CVE-2008-5314 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The text description of this plugin is C Novell, Inc. include'deprecatednasllevel.inc'; include'compat.inc'; if description scriptid41485; scriptversion"1.11";...
openSUSE Security Update : clamav (clamav-357)
Specially crafted jpg files could crash the clamd daemon of clamav. CVE-2008-5314 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update clamav-357. The text description of this plugin is C SUSE LLC...
Ubuntu 8.10 : clamav vulnerability (USN-684-1)
Ilja van Sprundel discovered that ClamAV did not handle recursive JPEG information. If a remote attacker sent a specially crafted JPEG file, ClamAV would crash, leading to a denial of service. Note that Tenable Network Security has extracted the preceding description block directly from the Ubunt...
Mandriva Update for clamav MDVSA-2008:239 (clamav)
Check for the Version of clamav OpenVAS Vulnerability Test Mandriva Update for clamav MDVSA-2008:239 clamav Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...
Gentoo Security Advisory GLSA 200812-21 (clamav)
The remote host is missing updates announced in advisory GLSA 200812-21. SPDX-FileCopyrightText: 2008 E-Soft Inc. Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Gentoo Security Advisory GLSA 200812-21 (clamav)
The remote host is missing updates announced in advisory GLSA 200812-21. OpenVAS Vulnerability Test $ Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright c 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
openSUSE 10 Security Update : clamav (clamav-5843)
Specially crafted jpg files could crash the clamd daemon of clamav. CVE-2008-5314 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update clamav-5843. The text description of this plugin is C SUSE LLC...
[SECURITY] [DSA 1680-1] New clamav packages fix potential code execution
------------------------------------------------------------------------ Debian Security Advisory DSA-1680-1 [email protected] http://www.debian.org/security/ Florian Weimer December 04, 2008 http://www.debian.org/security/faq -...
Debian DSA-1680-1 : clamav - buffer overflow, stack consumption
Moritz Jodeit discovered that ClamAV, an anti-virus solution, suffers from an off-by-one-error in its VBA project file processing, leading to a heap-based buffer overflow and potentially arbitrary code execution CVE-2008-5050 . Ilja van Sprundel discovered that ClamAV contains a denial of service...
CVE-2008-5314
Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service daemon crash via a crafted JPEG file, related to the clicheckjpegexploit, jpegcheckphotoshop, and jpegcheckphotoshop8bim functions...
CVE-2008-5314
CVE-2008-5314 is a stack consumption vulnerability in ClamAV prior to 0.94.2. The flaw is in libclamav/special.c where processing crafted JPEG files via functions cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim can exhaust the stack, leading to a denial of service thro...
ClamAV < 0.94.2 cli_check_jpeg_exploit() Malformed JPEG File DoS
According to its version, the clamd antivirus daemon on the remote host is earlier than 0.94.2. There is a recursive stack overflow involving the JPEG parsing code in such versions. A remote attacker may be able to leverage this issue to cause the application to recursively scan a specially craft...