Launchpad.net

CVE 2008-0314

Heap-based buffer overflow in spin.c in libclamav in ClamAV 0.92.1 allows remote attackers to execute arbitrary code via a crafted PeSpin packed PE binary with a modified length value.

Related bugs and status

CVE-2008-0314 (Candidate) is related to these bugs:

Bug #217256: ClamAV Upack Processing Buffer Overflow Vulnerability

		In	Importance	Status
217256	ClamAV Upack Processing Buffer Overflow Vulnerability	clamav (Ubuntu)	Medium	Fix Released
217256	ClamAV Upack Processing Buffer Overflow Vulnerability	clamav (Ubuntu Dapper)	Undecided	Fix Released
217256	ClamAV Upack Processing Buffer Overflow Vulnerability	clamav (Ubuntu Edgy)	Undecided	Won't Fix
217256	ClamAV Upack Processing Buffer Overflow Vulnerability	clamav (Ubuntu Feisty)	Medium	Fix Released
217256	ClamAV Upack Processing Buffer Overflow Vulnerability	clamav (Ubuntu Gutsy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

IDEFENSE: 20080414 ClamAV libcla...
CONFIRM: https://wwws.clamav.ne...
CONFIRM: http://kolab.org/secur...
DEBIAN: DSA-1549
CERT-VN: VU#858595
SECUNIA: 29863
CONFIRM: http://svn.clamav.net/...
SUSE: SUSE-SA:2008:024
SECTRACK: 1019851
MANDRIVA: MDVSA-2008:088
BID: 28784
SECUNIA: 29891
SECUNIA: 29886
FEDORA: FEDORA-2008-3358
FEDORA: FEDORA-2008-3420
SECUNIA: 29975
FEDORA: FEDORA-2008-3900
SECUNIA: 30253
SECUNIA: 30328
CONFIRM: http://up2date.astaro....
APPLE: APPLE-SA-2008-09-15
SECUNIA: 31576
SECUNIA: 31882
GENTOO: GLSA-200805-19
CERT: TA08-260A
VUPEN: ADV-2008-1227
VUPEN: ADV-2008-2584
XF: clamav-spin-bo(41823)