Launchpad.net

CVE 2008-5314

Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions.

Related bugs and status

CVE-2008-5314 (Candidate) is related to these bugs:

Bug #271546: [hardy] Multiple unfixed CVEs

		In	Importance	Status
271546	[hardy] Multiple unfixed CVEs	clamav (Ubuntu)	Undecided	Fix Released
271546	[hardy] Multiple unfixed CVEs	clamav (Ubuntu Hardy)	Undecided	Fix Released
271546	[hardy] Multiple unfixed CVEs	clamav (Ubuntu Dapper)	Undecided	Fix Released
271546	[hardy] Multiple unfixed CVEs	clamav (Ubuntu Gutsy)	Undecided	Won't Fix
271546	[hardy] Multiple unfixed CVEs	clamav (Ubuntu Intrepid)	Undecided	Fix Released

Bug #304017: Recursive stack overflow in jpeg parsing code

		In	Importance	Status
304017	Recursive stack overflow in jpeg parsing code	clamav (Ubuntu)	High	Fix Released
304017	Recursive stack overflow in jpeg parsing code	clamav (Ubuntu Intrepid)	High	Fix Released
304017	Recursive stack overflow in jpeg parsing code	clamav (Ubuntu Dapper)	Undecided	Fix Released
304017	Recursive stack overflow in jpeg parsing code	clamav (Ubuntu Gutsy)	Undecided	Won't Fix
304017	Recursive stack overflow in jpeg parsing code	clamav (Ubuntu Hardy)	Undecided	Fix Released
304017	Recursive stack overflow in jpeg parsing code	clamav (Ubuntu Jaunty)	High	Fix Released

Bug #317923: Clamav modules still disabled even though security issues are fixed

		In	Importance	Status
317923	Clamav modules still disabled even though security issues are fixed	clamav (Ubuntu)	High	Fix Released
317923	Clamav modules still disabled even though security issues are fixed	clamav (Ubuntu Dapper)	High	Fix Released
317923	Clamav modules still disabled even though security issues are fixed	clamav (Ubuntu Gutsy)	High	Fix Released
317923	Clamav modules still disabled even though security issues are fixed	clamav (Ubuntu Hardy)	High	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [clamav-announce] 2008...
MLIST: [oss-security] 2008120...
CONFIRM: https://wwws.clamav.ne...
DEBIAN: DSA-1680
SECUNIA: 33016
UBUNTU: USN-684-1
BID: 32555
OSVDB: 50363
SECTRACK: 1021296
SECUNIA: 32926
SECUNIA: 32936
GENTOO: GLSA-200812-21
SECUNIA: 33317
SUSE: SUSE-SR:2008:028
MANDRIVA: MDVSA-2008:239
SECUNIA: 33195
APPLE: APPLE-SA-2009-02-12
SECUNIA: 33937
CONFIRM: http://support.apple.c...
VUPEN: ADV-2008-3311
VUPEN: ADV-2009-0422
CONFIRM: http://sourceforge.net...
XF: clamav-special-dos(46985)
EXPLOIT-DB: 7330