Ubuntu
clamav package

CVE-2008-5050: heap overflow vulnerability in the code responsible for parsing VBA project files

Bug #298637 reported by Carlo Marcelo Arenas Belon
This bug report is a duplicate of:  Bug #296704: ClamAV 0.94.1 fixes security problem. Edit Remove
256
Affects Status Importance Assigned to Milestone
Debian
Unknown
Unknown
clamav (Fedora)
Confirmed
Unknown
clamav (Gentoo Linux)
Fix Released
Unknown
clamav (Ubuntu)
New
Undecided
Unassigned

Bug Description

Binary package hint: clamav

Reference :

  http://seclists.org/bugtraq/2008/Nov/0070.html

Patch:

  http://svn.clamav.net/websvn/diff.php?repname=clamav-devel&path=/trunk/libclamav/vba_extract.c&rev=4311

Impact:

  remotely exploitable if using clamav as a mail scanner in intrepid

CVE References

Bug Watch Updater (bug-watch-updater)
Changed in clamav:
status: Unknown → In Progress
status: Unknown → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in clamav:
status: In Progress → Confirmed
Bug Watch Updater (bug-watch-updater)
Changed in clamav:
status: Confirmed → Fix Released
To post a comment you must log in.
This report contains Public Security information  
Everyone can see this security related information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.