First published: Wed Apr 08 2009(Updated: )
libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
ClamAV | =0.93.1 | |
ClamAV | =0.94 | |
ClamAV | <=0.94.2 | |
ClamAV | =0.94.1 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2008-6680 is considered a high severity vulnerability due to its potential to cause a denial of service through a crash.
To fix CVE-2008-6680, upgrade ClamAV to the latest version that is above 0.95.
CVE-2008-6680 affects ClamAV versions prior to 0.95 including 0.93.1, 0.94, and up to 0.94.2.
CVE-2008-6680 facilitates a remote denial of service attack via a crafted EXE file.
There is no known workaround for CVE-2008-6680; the best mitigation is upgrading the affected software.