Vulnerability-Lookup

CVE-2008-1389 (GCVE-0-2008-1389)

Vulnerability from cvelistv5 – Published: 2008-09-04 16:00 – Updated: 2024-08-07 08:17

Summary

libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://secunia.com/advisories/32030	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/30994	vdb-entryx_refsource_BID
	http://www.vupen.com/english/advisories/2008/2484	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/31982	third-party-advisoryx_refsource_SECUNIA
	http://www.securityfocus.com/bid/31681	vdb-entryx_refsource_BID
	http://int21.de/cve/CVE-2008-1389-clamav-chd.html	x_refsource_MISC
	http://lists.opensuse.org/opensuse-security-annou…	vendor-advisoryx_refsource_SUSE
	http://sourceforge.net/project/shownotes.php?grou…	x_refsource_CONFIRM
	http://secunia.com/advisories/31725	third-party-advisoryx_refsource_SECUNIA
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://secunia.com/advisories/32222	third-party-advisoryx_refsource_SECUNIA
	http://security.gentoo.org/glsa/glsa-200809-18.xml	vendor-advisoryx_refsource_GENTOO
	http://kolab.org/security/kolab-vendor-notice-22.txt	x_refsource_CONFIRM
	http://www.securitytracker.com/id?1020805	vdb-entryx_refsource_SECTRACK
	http://www.vupen.com/english/advisories/2008/2780	vdb-entryx_refsource_VUPEN
	http://www.vupen.com/english/advisories/2008/2564	vdb-entryx_refsource_VUPEN
	http://secunia.com/advisories/32699	third-party-advisoryx_refsource_SECUNIA
	http://lists.apple.com/archives/security-announce…	vendor-advisoryx_refsource_APPLE
	http://support.apple.com/kb/HT3216	x_refsource_CONFIRM
	http://secunia.com/advisories/31906	third-party-advisoryx_refsource_SECUNIA
	https://www.redhat.com/archives/fedora-package-an…	vendor-advisoryx_refsource_FEDORA
	http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog	x_refsource_CONFIRM
	https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T08:17:34.723Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "32030",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32030"
          },
          {
            "name": "30994",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/30994"
          },
          {
            "name": "ADV-2008-2484",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2484"
          },
          {
            "name": "31982",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31982"
          },
          {
            "name": "31681",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/31681"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "http://int21.de/cve/CVE-2008-1389-clamav-chd.html"
          },
          {
            "name": "SUSE-SR:2008:018",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=623661"
          },
          {
            "name": "31725",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31725"
          },
          {
            "name": "MDVSA-2008:189",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:189"
          },
          {
            "name": "FEDORA-2008-9651",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
          },
          {
            "name": "32222",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32222"
          },
          {
            "name": "GLSA-200809-18",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "http://security.gentoo.org/glsa/glsa-200809-18.xml"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://kolab.org/security/kolab-vendor-notice-22.txt"
          },
          {
            "name": "1020805",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id?1020805"
          },
          {
            "name": "ADV-2008-2780",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2780"
          },
          {
            "name": "ADV-2008-2564",
            "tags": [
              "vdb-entry",
              "x_refsource_VUPEN",
              "x_transferred"
            ],
            "url": "http://www.vupen.com/english/advisories/2008/2564"
          },
          {
            "name": "32699",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/32699"
          },
          {
            "name": "APPLE-SA-2008-10-09",
            "tags": [
              "vendor-advisory",
              "x_refsource_APPLE",
              "x_transferred"
            ],
            "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://support.apple.com/kb/HT3216"
          },
          {
            "name": "31906",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/31906"
          },
          {
            "name": "FEDORA-2008-9644",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2008-09-01T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an \"invalid memory access.\""
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2008-09-24T09:00:00.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "32030",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32030"
        },
        {
          "name": "30994",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/30994"
        },
        {
          "name": "ADV-2008-2484",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2484"
        },
        {
          "name": "31982",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31982"
        },
        {
          "name": "31681",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/31681"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "http://int21.de/cve/CVE-2008-1389-clamav-chd.html"
        },
        {
          "name": "SUSE-SR:2008:018",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=623661"
        },
        {
          "name": "31725",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31725"
        },
        {
          "name": "MDVSA-2008:189",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:189"
        },
        {
          "name": "FEDORA-2008-9651",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
        },
        {
          "name": "32222",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32222"
        },
        {
          "name": "GLSA-200809-18",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "http://security.gentoo.org/glsa/glsa-200809-18.xml"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://kolab.org/security/kolab-vendor-notice-22.txt"
        },
        {
          "name": "1020805",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id?1020805"
        },
        {
          "name": "ADV-2008-2780",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2780"
        },
        {
          "name": "ADV-2008-2564",
          "tags": [
            "vdb-entry",
            "x_refsource_VUPEN"
          ],
          "url": "http://www.vupen.com/english/advisories/2008/2564"
        },
        {
          "name": "32699",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/32699"
        },
        {
          "name": "APPLE-SA-2008-10-09",
          "tags": [
            "vendor-advisory",
            "x_refsource_APPLE"
          ],
          "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://support.apple.com/kb/HT3216"
        },
        {
          "name": "31906",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/31906"
        },
        {
          "name": "FEDORA-2008-9644",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1389",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an \"invalid memory access.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "32030",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32030"
            },
            {
              "name": "30994",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/30994"
            },
            {
              "name": "ADV-2008-2484",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2484"
            },
            {
              "name": "31982",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31982"
            },
            {
              "name": "31681",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/31681"
            },
            {
              "name": "http://int21.de/cve/CVE-2008-1389-clamav-chd.html",
              "refsource": "MISC",
              "url": "http://int21.de/cve/CVE-2008-1389-clamav-chd.html"
            },
            {
              "name": "SUSE-SR:2008:018",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=623661",
              "refsource": "CONFIRM",
              "url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=623661"
            },
            {
              "name": "31725",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31725"
            },
            {
              "name": "MDVSA-2008:189",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:189"
            },
            {
              "name": "FEDORA-2008-9651",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
            },
            {
              "name": "32222",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32222"
            },
            {
              "name": "GLSA-200809-18",
              "refsource": "GENTOO",
              "url": "http://security.gentoo.org/glsa/glsa-200809-18.xml"
            },
            {
              "name": "http://kolab.org/security/kolab-vendor-notice-22.txt",
              "refsource": "CONFIRM",
              "url": "http://kolab.org/security/kolab-vendor-notice-22.txt"
            },
            {
              "name": "1020805",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id?1020805"
            },
            {
              "name": "ADV-2008-2780",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2780"
            },
            {
              "name": "ADV-2008-2564",
              "refsource": "VUPEN",
              "url": "http://www.vupen.com/english/advisories/2008/2564"
            },
            {
              "name": "32699",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/32699"
            },
            {
              "name": "APPLE-SA-2008-10-09",
              "refsource": "APPLE",
              "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
            },
            {
              "name": "http://support.apple.com/kb/HT3216",
              "refsource": "CONFIRM",
              "url": "http://support.apple.com/kb/HT3216"
            },
            {
              "name": "31906",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/31906"
            },
            {
              "name": "FEDORA-2008-9644",
              "refsource": "FEDORA",
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
            },
            {
              "name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
              "refsource": "CONFIRM",
              "url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
            },
            {
              "name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089",
              "refsource": "CONFIRM",
              "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2008-1389",
    "datePublished": "2008-09-04T16:00:00.000Z",
    "dateReserved": "2008-03-18T00:00:00.000Z",
    "dateUpdated": "2024-08-07T08:17:34.723Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2008-AVI-437

Vulnerability from certfr_avis - Published: 2008-09-04 - Updated: 2008-09-04

Une vulnérabilité dans ClamAV permet à une personne malintentionnée d'effectuer un déni de service à distance.

Description

Une vulnérabilité lors du traitement de fichiers CHM a été découverte dans ClamAV. Celle-ci peut être exploitée pour causer un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

ClamAV versions antérieures à 0.94.

Impacted products

	Vendor	Product	Description

References

Title

Publication Time

Tags

Rapport de bogue de ClamAV #1089	None	vendor-advisory
Rapport de bogue #1089 de ClamAV : https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089	-	other
Site de ClamAV :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [],
  "affected_systems_content": "\u003cP\u003eClamAV versions ant\u00e9rieures \u00e0 0.94.\u003c/P\u003e",
  "content": "## Description\n\nUne vuln\u00e9rabilit\u00e9 lors du traitement de fichiers CHM a \u00e9t\u00e9 d\u00e9couverte\ndans ClamAV. Celle-ci peut \u00eatre exploit\u00e9e pour causer un d\u00e9ni de service\n\u00e0 distance.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1389"
    }
  ],
  "initial_release_date": "2008-09-04T00:00:00",
  "last_revision_date": "2008-09-04T00:00:00",
  "links": [
    {
      "title": "Rapport de bogue #1089 de ClamAV :      https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089",
      "url": "https://wwws.clamav.net/bugzilla/show%C3%AC_bug.cgi?id=1089"
    },
    {
      "title": "Site de ClamAV :",
      "url": "http://www.clamav.net"
    }
  ],
  "reference": "CERTA-2008-AVI-437",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-09-04T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    }
  ],
  "summary": "Une vuln\u00e9rabilit\u00e9 dans ClamAV permet \u00e0 une personne malintentionn\u00e9e\nd\u0027effectuer un d\u00e9ni de service \u00e0 distance.\n",
  "title": "Vuln\u00e9rabilit\u00e9 dans ClamAV",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Rapport de bogue de ClamAV #1089",
      "url": null
    }
  ]
}

CERTA-2008-AVI-492

Vulnerability from certfr_avis - Published: 2008-10-13 - Updated: 2008-10-13

Plusieurs vulnérabilités affectant Apple Mac Os X permettent à une personne malveillante d'effectuer une exécution de code arbitraire, de provoquer un déni de service à distance, de contourner la politique de sécurité, de porter atteinte à la confidentialité des données et d'élever ses privilèges sur le système.

Description

De multiples vulnérabilités ont été découvertes dans Apple Mac OS X. Ces dernières affectent entre autres :

ColorSync ;
CUPS ;
Finder ;
Postfix ;
Networking ;
...

Elles permettent à une personne malintentionnée d'effectuer une exécution de code arbitraire , de provoquer un déni de service à distance, de contourner la politique de sécurité, de porter atteinte à la confidentialité des données et d'élever ses privilèges sur le système.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	N/A	N/A	Mac OS X 10.4.11 ;
	N/A	N/A	Mac OS X 10.5.5.

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT3216 du 09 octobre 2008

None

vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Mac OS X 10.4.11 ;",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    },
    {
      "description": "Mac OS X 10.5.5.",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "N/A",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans Apple Mac OS X. Ces\nderni\u00e8res affectent entre autres :\n\n-   ColorSync ;\n-   CUPS ;\n-   Finder ;\n-   Postfix ;\n-   Networking ;\n-   ...\n\nElles permettent \u00e0 une personne malintentionn\u00e9e d\u0027effectuer une\nex\u00e9cution de code arbitraire , de provoquer un d\u00e9ni de service \u00e0\ndistance, de contourner la politique de s\u00e9curit\u00e9, de porter atteinte \u00e0\nla confidentialit\u00e9 des donn\u00e9es et d\u0027\u00e9lever ses privil\u00e8ges sur le\nsyst\u00e8me.\n\n## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2008-1678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1678"
    },
    {
      "name": "CVE-2008-3643",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3643"
    },
    {
      "name": "CVE-2008-0226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0226"
    },
    {
      "name": "CVE-2008-3642",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3642"
    },
    {
      "name": "CVE-2008-4212",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4212"
    },
    {
      "name": "CVE-2008-0002",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0002"
    },
    {
      "name": "CVE-2008-4215",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4215"
    },
    {
      "name": "CVE-2007-6420",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6420"
    },
    {
      "name": "CVE-2008-2371",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2371"
    },
    {
      "name": "CVE-2008-0674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0674"
    },
    {
      "name": "CVE-2007-5969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5969"
    },
    {
      "name": "CVE-2008-3646",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3646"
    },
    {
      "name": "CVE-2008-3912",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3912"
    },
    {
      "name": "CVE-2008-3914",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3914"
    },
    {
      "name": "CVE-2007-5461",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5461"
    },
    {
      "name": "CVE-2008-3432",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3432"
    },
    {
      "name": "CVE-2008-2079",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2079"
    },
    {
      "name": "CVE-2008-1389",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1389"
    },
    {
      "name": "CVE-2008-1232",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1232"
    },
    {
      "name": "CVE-2008-2370",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2370"
    },
    {
      "name": "CVE-2007-5333",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5333"
    },
    {
      "name": "CVE-2008-2712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2712"
    },
    {
      "name": "CVE-2008-1947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1947"
    },
    {
      "name": "CVE-2007-4850",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-4850"
    },
    {
      "name": "CVE-2007-2691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-2691"
    },
    {
      "name": "CVE-2007-6286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-6286"
    },
    {
      "name": "CVE-2008-3641",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3641"
    },
    {
      "name": "CVE-2008-3913",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3913"
    },
    {
      "name": "CVE-2008-3294",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3294"
    },
    {
      "name": "CVE-2008-3645",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3645"
    },
    {
      "name": "CVE-2008-3647",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-3647"
    },
    {
      "name": "CVE-2007-5342",
      "url": "https://www.cve.org/CVERecord?id=CVE-2007-5342"
    },
    {
      "name": "CVE-2008-2364",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2364"
    },
    {
      "name": "CVE-2008-4214",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4214"
    },
    {
      "name": "CVE-2008-1767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-1767"
    },
    {
      "name": "CVE-2008-2938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-2938"
    },
    {
      "name": "CVE-2008-0227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-0227"
    },
    {
      "name": "CVE-2008-4101",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4101"
    },
    {
      "name": "CVE-2008-4211",
      "url": "https://www.cve.org/CVERecord?id=CVE-2008-4211"
    }
  ],
  "initial_release_date": "2008-10-13T00:00:00",
  "last_revision_date": "2008-10-13T00:00:00",
  "links": [],
  "reference": "CERTA-2008-AVI-492",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2008-10-13T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "Plusieurs vuln\u00e9rabilit\u00e9s affectant Apple Mac Os X permettent \u00e0 une\npersonne malveillante d\u0027effectuer une ex\u00e9cution de code arbitraire, de\nprovoquer un d\u00e9ni de service \u00e0 distance, de contourner la politique de\ns\u00e9curit\u00e9, de porter atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es et\nd\u0027\u00e9lever ses privil\u00e8ges sur le syst\u00e8me.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans Mac OS X",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT3216 du 09 octobre 2008",
      "url": "http://support.apple.com/kb/HT3216"
    }
  ]
}

GHSA-R2W2-7WGR-PQ2V

Vulnerability from github – Published: 2022-05-01 23:39 – Updated: 2022-05-01 23:39

Details

libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2008-1389"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2008-09-04T16:41:00Z",
    "severity": "MODERATE"
  },
  "details": "libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an \"invalid memory access.\"",
  "id": "GHSA-r2w2-7wgr-pq2v",
  "modified": "2022-05-01T23:39:37Z",
  "published": "2022-05-01T23:39:37Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2008-1389"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
    },
    {
      "type": "WEB",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
    },
    {
      "type": "WEB",
      "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089"
    },
    {
      "type": "WEB",
      "url": "http://int21.de/cve/CVE-2008-1389-clamav-chd.html"
    },
    {
      "type": "WEB",
      "url": "http://kolab.org/security/kolab-vendor-notice-22.txt"
    },
    {
      "type": "WEB",
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31725"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31906"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/31982"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32030"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "type": "WEB",
      "url": "http://secunia.com/advisories/32699"
    },
    {
      "type": "WEB",
      "url": "http://security.gentoo.org/glsa/glsa-200809-18.xml"
    },
    {
      "type": "WEB",
      "url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=623661"
    },
    {
      "type": "WEB",
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "type": "WEB",
      "url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
    },
    {
      "type": "WEB",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:189"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/30994"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id?1020805"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2484"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2564"
    },
    {
      "type": "WEB",
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

GSD-2008-1389

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."

Aliases

CVE-2008-1389

Aliases

CVE-2008-1389

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2008-1389",
    "description": "libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an \"invalid memory access.\"",
    "id": "GSD-2008-1389",
    "references": [
      "https://www.suse.com/security/cve/CVE-2008-1389.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2008-1389"
      ],
      "details": "libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an \"invalid memory access.\"",
      "id": "GSD-2008-1389",
      "modified": "2023-12-13T01:23:03.618438Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2008-1389",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an \"invalid memory access.\""
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "32030",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32030"
          },
          {
            "name": "30994",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/30994"
          },
          {
            "name": "ADV-2008-2484",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2484"
          },
          {
            "name": "31982",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31982"
          },
          {
            "name": "31681",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/31681"
          },
          {
            "name": "http://int21.de/cve/CVE-2008-1389-clamav-chd.html",
            "refsource": "MISC",
            "url": "http://int21.de/cve/CVE-2008-1389-clamav-chd.html"
          },
          {
            "name": "SUSE-SR:2008:018",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
          },
          {
            "name": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=623661",
            "refsource": "CONFIRM",
            "url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=623661"
          },
          {
            "name": "31725",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31725"
          },
          {
            "name": "MDVSA-2008:189",
            "refsource": "MANDRIVA",
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:189"
          },
          {
            "name": "FEDORA-2008-9651",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
          },
          {
            "name": "32222",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32222"
          },
          {
            "name": "GLSA-200809-18",
            "refsource": "GENTOO",
            "url": "http://security.gentoo.org/glsa/glsa-200809-18.xml"
          },
          {
            "name": "http://kolab.org/security/kolab-vendor-notice-22.txt",
            "refsource": "CONFIRM",
            "url": "http://kolab.org/security/kolab-vendor-notice-22.txt"
          },
          {
            "name": "1020805",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id?1020805"
          },
          {
            "name": "ADV-2008-2780",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2780"
          },
          {
            "name": "ADV-2008-2564",
            "refsource": "VUPEN",
            "url": "http://www.vupen.com/english/advisories/2008/2564"
          },
          {
            "name": "32699",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/32699"
          },
          {
            "name": "APPLE-SA-2008-10-09",
            "refsource": "APPLE",
            "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
          },
          {
            "name": "http://support.apple.com/kb/HT3216",
            "refsource": "CONFIRM",
            "url": "http://support.apple.com/kb/HT3216"
          },
          {
            "name": "31906",
            "refsource": "SECUNIA",
            "url": "http://secunia.com/advisories/31906"
          },
          {
            "name": "FEDORA-2008-9644",
            "refsource": "FEDORA",
            "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
          },
          {
            "name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
            "refsource": "CONFIRM",
            "url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
          },
          {
            "name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089",
            "refsource": "CONFIRM",
            "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.12:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.13:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.88.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.88.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.91:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.91.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.14:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.14:pre:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.80:rc:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.84:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.86:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.88.5:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.91.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.80:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.80:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.84:rc2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.88.7:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.92.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.93:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.11:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.60p:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.80:rc4:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.81:rc1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.88.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.90.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:0.93.1:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "0.93.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2008-1389"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an \"invalid memory access.\""
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-399"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://int21.de/cve/CVE-2008-1389-clamav-chd.html",
              "refsource": "MISC",
              "tags": [],
              "url": "http://int21.de/cve/CVE-2008-1389-clamav-chd.html"
            },
            {
              "name": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=623661",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=623661"
            },
            {
              "name": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
            },
            {
              "name": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089"
            },
            {
              "name": "31725",
              "refsource": "SECUNIA",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://secunia.com/advisories/31725"
            },
            {
              "name": "1020805",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id?1020805"
            },
            {
              "name": "30994",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/30994"
            },
            {
              "name": "SUSE-SR:2008:018",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
            },
            {
              "name": "31906",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31906"
            },
            {
              "name": "32030",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/32030"
            },
            {
              "name": "GLSA-200809-18",
              "refsource": "GENTOO",
              "tags": [],
              "url": "http://security.gentoo.org/glsa/glsa-200809-18.xml"
            },
            {
              "name": "http://kolab.org/security/kolab-vendor-notice-22.txt",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://kolab.org/security/kolab-vendor-notice-22.txt"
            },
            {
              "name": "MDVSA-2008:189",
              "refsource": "MANDRIVA",
              "tags": [],
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:189"
            },
            {
              "name": "APPLE-SA-2008-10-09",
              "refsource": "APPLE",
              "tags": [],
              "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
            },
            {
              "name": "31681",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/31681"
            },
            {
              "name": "http://support.apple.com/kb/HT3216",
              "refsource": "CONFIRM",
              "tags": [],
              "url": "http://support.apple.com/kb/HT3216"
            },
            {
              "name": "32222",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/32222"
            },
            {
              "name": "FEDORA-2008-9644",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
            },
            {
              "name": "32699",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/32699"
            },
            {
              "name": "FEDORA-2008-9651",
              "refsource": "FEDORA",
              "tags": [],
              "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
            },
            {
              "name": "31982",
              "refsource": "SECUNIA",
              "tags": [],
              "url": "http://secunia.com/advisories/31982"
            },
            {
              "name": "ADV-2008-2484",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2484"
            },
            {
              "name": "ADV-2008-2564",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2564"
            },
            {
              "name": "ADV-2008-2780",
              "refsource": "VUPEN",
              "tags": [],
              "url": "http://www.vupen.com/english/advisories/2008/2780"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2011-03-08T03:07Z",
      "publishedDate": "2008-09-04T16:41Z"
    }
  }
}

FKIE_CVE-2008-1389

Vulnerability from fkie_nvd - Published: 2008-09-04 16:41 - Updated: 2025-04-09 00:30

Severity ?

Summary

libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an "invalid memory access."

References

URL	Tags
cve@mitre.org	http://int21.de/cve/CVE-2008-1389-clamav-chd.html
cve@mitre.org	http://kolab.org/security/kolab-vendor-notice-22.txt
cve@mitre.org	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
cve@mitre.org	http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
cve@mitre.org	http://secunia.com/advisories/31725	Vendor Advisory
cve@mitre.org	http://secunia.com/advisories/31906
cve@mitre.org	http://secunia.com/advisories/31982
cve@mitre.org	http://secunia.com/advisories/32030
cve@mitre.org	http://secunia.com/advisories/32222
cve@mitre.org	http://secunia.com/advisories/32699
cve@mitre.org	http://security.gentoo.org/glsa/glsa-200809-18.xml
cve@mitre.org	http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=623661	Patch
cve@mitre.org	http://support.apple.com/kb/HT3216
cve@mitre.org	http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2008:189
cve@mitre.org	http://www.securityfocus.com/bid/30994
cve@mitre.org	http://www.securityfocus.com/bid/31681
cve@mitre.org	http://www.securitytracker.com/id?1020805
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2484
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2564
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2780
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html
cve@mitre.org	https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html
cve@mitre.org	https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089
af854a3a-2127-422b-91ae-364da2661108	http://int21.de/cve/CVE-2008-1389-clamav-chd.html
af854a3a-2127-422b-91ae-364da2661108	http://kolab.org/security/kolab-vendor-notice-22.txt
af854a3a-2127-422b-91ae-364da2661108	http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31725	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31906
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/31982
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32030
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32222
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32699
af854a3a-2127-422b-91ae-364da2661108	http://security.gentoo.org/glsa/glsa-200809-18.xml
af854a3a-2127-422b-91ae-364da2661108	http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=623661	Patch
af854a3a-2127-422b-91ae-364da2661108	http://support.apple.com/kb/HT3216
af854a3a-2127-422b-91ae-364da2661108	http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2008:189
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/30994
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/31681
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id?1020805
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2484
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2564
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2780
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html
af854a3a-2127-422b-91ae-364da2661108	https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html
af854a3a-2127-422b-91ae-364da2661108	https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089

Impacted products

Vendor	Product	Version
clam_anti-virus	clamav	*
clam_anti-virus	clamav	0.11
clam_anti-virus	clamav	0.12
clam_anti-virus	clamav	0.13
clam_anti-virus	clamav	0.14
clam_anti-virus	clamav	0.14
clam_anti-virus	clamav	0.15
clam_anti-virus	clamav	0.20
clam_anti-virus	clamav	0.21
clam_anti-virus	clamav	0.22
clam_anti-virus	clamav	0.23
clam_anti-virus	clamav	0.24
clam_anti-virus	clamav	0.51
clam_anti-virus	clamav	0.52
clam_anti-virus	clamav	0.53
clam_anti-virus	clamav	0.54
clam_anti-virus	clamav	0.60
clam_anti-virus	clamav	0.60p
clam_anti-virus	clamav	0.65
clam_anti-virus	clamav	0.67
clam_anti-virus	clamav	0.68
clam_anti-virus	clamav	0.68.1
clam_anti-virus	clamav	0.70
clam_anti-virus	clamav	0.71
clam_anti-virus	clamav	0.72
clam_anti-virus	clamav	0.73
clam_anti-virus	clamav	0.74
clam_anti-virus	clamav	0.75
clam_anti-virus	clamav	0.75.1
clam_anti-virus	clamav	0.80
clam_anti-virus	clamav	0.80
clam_anti-virus	clamav	0.80
clam_anti-virus	clamav	0.80
clam_anti-virus	clamav	0.80
clam_anti-virus	clamav	0.81
clam_anti-virus	clamav	0.81
clam_anti-virus	clamav	0.82
clam_anti-virus	clamav	0.83
clam_anti-virus	clamav	0.84
clam_anti-virus	clamav	0.84
clam_anti-virus	clamav	0.84
clam_anti-virus	clamav	0.85
clam_anti-virus	clamav	0.85.1
clam_anti-virus	clamav	0.86
clam_anti-virus	clamav	0.86
clam_anti-virus	clamav	0.86.1
clam_anti-virus	clamav	0.86.2
clam_anti-virus	clamav	0.87
clam_anti-virus	clamav	0.87.1
clam_anti-virus	clamav	0.88
clam_anti-virus	clamav	0.88.1
clam_anti-virus	clamav	0.88.2
clam_anti-virus	clamav	0.88.3
clam_anti-virus	clamav	0.88.4
clam_anti-virus	clamav	0.88.5
clam_anti-virus	clamav	0.88.6
clam_anti-virus	clamav	0.88.7
clam_anti-virus	clamav	0.90
clam_anti-virus	clamav	0.90.1
clam_anti-virus	clamav	0.90.2
clam_anti-virus	clamav	0.90.3
clam_anti-virus	clamav	0.91
clam_anti-virus	clamav	0.91.1
clam_anti-virus	clamav	0.91.2
clam_anti-virus	clamav	0.92
clam_anti-virus	clamav	0.92.1
clam_anti-virus	clamav	0.93
clam_anti-virus	clamav	0.93.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D68C0C00-CE03-418F-BC77-7C38468E15BD",
              "versionEndIncluding": "0.93.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.11:*:*:*:*:*:*:*",
              "matchCriteriaId": "B03FC481-8143-411F-AF74-86433188346D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.12:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A6E1E0C-7240-47A7-8C35-2C48D1C56F11",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.13:*:*:*:*:*:*:*",
              "matchCriteriaId": "057EEF4D-3101-4575-83E3-34BA2823DE73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.14:*:*:*:*:*:*:*",
              "matchCriteriaId": "F86DA3C9-C6D5-4B04-9EAA-54350BE8CB26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.14:pre:*:*:*:*:*:*",
              "matchCriteriaId": "FB031F8A-2D70-46F4-BA98-64CACCF5A394",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.15:*:*:*:*:*:*:*",
              "matchCriteriaId": "4C9A0FA4-A4AE-4C90-98DA-8AF5ABB03CE6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.20:*:*:*:*:*:*:*",
              "matchCriteriaId": "D0E9BC10-5F5B-499A-893C-1EEF6F1180B7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.21:*:*:*:*:*:*:*",
              "matchCriteriaId": "06A9B47A-8FC3-4BD2-A55F-9150307619B8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.22:*:*:*:*:*:*:*",
              "matchCriteriaId": "7068873F-E45D-4471-B55E-BF7B0E3AFEEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.23:*:*:*:*:*:*:*",
              "matchCriteriaId": "695F0967-1529-42DB-8978-8B9192F7F615",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.24:*:*:*:*:*:*:*",
              "matchCriteriaId": "073BBAA9-7C7B-4D07-8943-7459DD2BAAC3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.51:*:*:*:*:*:*:*",
              "matchCriteriaId": "BB72ED94-7832-43CF-81CF-27F88CAC6E91",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.52:*:*:*:*:*:*:*",
              "matchCriteriaId": "2C48C927-2D02-4B7E-82C3-0BBF29AAB24A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.53:*:*:*:*:*:*:*",
              "matchCriteriaId": "802BFF6B-5D9F-49AE-B96A-86A85E0F1034",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.54:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F7B2943-BC22-4735-8AA5-AADBEA685FAF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60:*:*:*:*:*:*:*",
              "matchCriteriaId": "C6257524-7FC5-40CA-9BDA-82B8565C5BEC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.60p:*:*:*:*:*:*:*",
              "matchCriteriaId": "35EBA938-DC66-40EA-8C66-38296AB57B57",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.65:*:*:*:*:*:*:*",
              "matchCriteriaId": "395AACCC-C20A-4BC1-BF62-D40FF71B7360",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.67:*:*:*:*:*:*:*",
              "matchCriteriaId": "0F52C121-B8B8-43A8-AFAB-E85474021919",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68:*:*:*:*:*:*:*",
              "matchCriteriaId": "659B4C39-0F0F-40C5-9B7E-0D00330611F2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.68.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7793F3D5-E93C-46C8-ADCA-EF60BF4EC3C4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*",
              "matchCriteriaId": "508C140C-2F87-4270-85B0-00EA6678A344",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*",
              "matchCriteriaId": "3033A4A2-47E9-434F-BA0A-0F2476A67899",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*",
              "matchCriteriaId": "4680089D-DEFB-41E3-AFAF-6DA9252F2DCD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*",
              "matchCriteriaId": "307ED99C-32B8-4C0C-8C55-E2BA6EDB961F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*",
              "matchCriteriaId": "DEF4F0DE-DC05-4F06-BC2D-09BAEAB25184",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*",
              "matchCriteriaId": "0C1EDFB4-B0C8-4832-BCA1-C35D28877581",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "BF60319C-CFFB-47F4-BDCB-90A5D0FB4240",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*",
              "matchCriteriaId": "4EF47B2A-4520-4872-987D-2EF88344ADB2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:rc:*:*:*:*:*:*",
              "matchCriteriaId": "5909491A-3D43-4648-B0F9-983BF2BE13B4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "3DB0BD14-60D1-4482-A91E-AFA501DE1F14",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "FFFDE6BB-38A1-4074-A3E1-E59BB5E7ED74",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.80:rc4:*:*:*:*:*:*",
              "matchCriteriaId": "79FC2D39-6F8E-4267-8D4B-0C59D28A0E27",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*",
              "matchCriteriaId": "FC31E071-6BB8-45FE-AA09-E7E459B549D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.81:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "89533C50-275D-440D-88B4-363B3DED39E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*",
              "matchCriteriaId": "53D884A1-305C-416A-9851-3A7D875FDC47",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*",
              "matchCriteriaId": "E58A6CBC-ED1C-430D-8F43-88694971A850",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*",
              "matchCriteriaId": "E330A535-A376-4BFF-BB1B-31E83370FC02",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "E787E42E-3339-47FD-904E-5E3C73991CA9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.84:rc2:*:*:*:*:*:*",
              "matchCriteriaId": "F21E03C7-0293-402C-ACAE-41E7F11B7AF2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*",
              "matchCriteriaId": "EDF94B1E-E8D4-4952-9081-1254F335445D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8657268E-4C78-4565-9966-7329095A7905",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*",
              "matchCriteriaId": "8D20F0D5-2291-4F24-94DB-180CDF926B93",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86:rc1:*:*:*:*:*:*",
              "matchCriteriaId": "B8BD1ADF-C784-4E43-A6A5-09D416E96AE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A0E2884A-615F-4063-8FB7-EC157C3EC07F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "D7BC41B7-272F-44BB-BD48-6C9231402526",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*",
              "matchCriteriaId": "D23F1D35-6073-49B0-8DD4-C58AEE2CC83C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D87DA1D8-59AC-4372-BBFC-ED8BC6603AAC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F56722F-F61A-404B-B0B2-1C92C22D0436",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D00EBC44-B4AB-443F-A063-8C8CB64F5F94",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFFA6F1E-9F25-400C-B626-3B9EDA396913",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2DB68680-FA6D-4235-90DA-E3DF0E5BB666",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "0E5BCBA5-0CE1-4112-8C3D-BAED9C5537B9",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "3908B34C-823E-47BA-8A64-23547D2AB027",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "557C5437-4B40-4E89-A23D-96B95829281D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.88.7:*:*:*:*:*:*:*",
              "matchCriteriaId": "A3394AD1-C667-46E7-82D3-E2E381CCC9FA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*",
              "matchCriteriaId": "142588F8-15C3-4288-BE7C-B2F7447BD60F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC18418B-7477-436C-A24A-081701968DEF",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1A85C689-95E0-41F7-83D9-5A8B0AB42390",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.90.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "BC24A055-278C-4A78-8C68-AC7618EF3EF5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91:*:*:*:*:*:*:*",
              "matchCriteriaId": "CC992A3B-24B4-48D8-BFBF-9B7884D11D28",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8EFAC7BA-2A39-46A8-BF91-5537532F45D2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.91.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "733CB165-98CD-4F8E-8A6D-07CF522634BA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*",
              "matchCriteriaId": "8670A5ED-C41E-40B9-B2C9-68F22734B444",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.92.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C8BE6F91-5442-4156-B137-E4AD3E21CF88",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.93:*:*:*:*:*:*:*",
              "matchCriteriaId": "40F14DB9-8437-4CEB-9D63-098FD9E604E7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:clam_anti-virus:clamav:0.93.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "A4C92175-5E97-4197-8495-25900134B652",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "libclamav/chmunpack.c in the chm-parser in ClamAV before 0.94 allows remote attackers to cause a denial of service (application crash) via a malformed CHM file, related to an \"invalid memory access.\""
    },
    {
      "lang": "es",
      "value": "libclamav/chmunpack.c en the chm-parser en ClamAV anterior a 0.94, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de aplicaci\u00f3n) a trav\u00e9s de un archivo CHM mal formado, en relaci\u00f3n con un \"acceso no v\u00e1lido a memoria\"."
    }
  ],
  "id": "CVE-2008-1389",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-09-04T16:41:00.000",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://int21.de/cve/CVE-2008-1389-clamav-chd.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://kolab.org/security/kolab-vendor-notice-22.txt"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31725"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31906"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/31982"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32030"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://secunia.com/advisories/32699"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://security.gentoo.org/glsa/glsa-200809-18.xml"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=623661"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:189"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/30994"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id?1020805"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2484"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2564"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://int21.de/cve/CVE-2008-1389-clamav-chd.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://kolab.org/security/kolab-vendor-notice-22.txt"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/31725"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31906"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/31982"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32030"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32222"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://secunia.com/advisories/32699"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://security.gentoo.org/glsa/glsa-200809-18.xml"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://sourceforge.net/project/shownotes.php?group_id=86638\u0026release_id=623661"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://support.apple.com/kb/HT3216"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://svn.clamav.net/svn/clamav-devel/trunk/ChangeLog"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:189"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/30994"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/31681"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id?1020805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2484"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2564"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2780"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00332.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://www.redhat.com/archives/fedora-package-announce/2008-November/msg00348.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1089"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-399"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2008-1389 (GCVE-0-2008-1389)

CERTA-2008-AVI-437

Description

Solution

CERTA-2008-AVI-492

Description

Solution

GHSA-R2W2-7WGR-PQ2V

GSD-2008-1389

FKIE_CVE-2008-1389

Tags

Sightings

Nomenclature