First published: Fri Jul 18 2008(Updated: )
libclamav/petite.c in ClamAV before 0.93.3 allows remote attackers to cause a denial of service via a malformed Petite file that triggers an out-of-bounds memory access. NOTE: this issue exists because of an incomplete fix for CVE-2008-2713.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ClamXAV | =0.90.2-p0 | |
ClamXAV | =0.91.2-p0 | |
ClamXAV | =0.90.1 | |
ClamXAV | =0.90 | |
ClamXAV | =0.90.3-p0 | |
ClamXAV | =0.88.7 | |
ClamXAV | =0.88.7-p0 | |
ClamXAV | =0.93 | |
ClamXAV | =0.90.2 | |
ClamXAV | =0.90.1-p0 | |
ClamXAV | =0.88.2 | |
ClamXAV | =0.90.3 | |
ClamXAV | =0.88.6 | |
ClamXAV | =0.90.3-p1 | |
ClamXAV | =0.88.5 | |
ClamXAV | =0.92.1 | |
ClamXAV | =0.92-p0 | |
ClamXAV | =0.88.7-p1 | |
ClamXAV | =0.88.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2008-3215 is considered a denial-of-service vulnerability due to out-of-bounds memory access.
To fix CVE-2008-3215, upgrade ClamAV to version 0.93.3 or later.
CVE-2008-3215 affects ClamAV versions prior to 0.93.3, including 0.88.2 through 0.93.
CVE-2008-3215 enables remote attackers to cause a denial of service by exploiting malformed Petite files.
There is no known mitigation for CVE-2008-3215 other than upgrading to a secure version.