Vulnerability Name:

CVE-2008-5314 (CCN-46985)

Assigned:2008-11-26
Published:2008-11-26
Updated:2017-09-29
Summary:Stack consumption vulnerability in libclamav/special.c in ClamAV before 0.94.2 allows remote attackers to cause a denial of service (daemon crash) via a crafted JPEG file, related to the cli_check_jpeg_exploit, jpeg_check_photoshop, and jpeg_check_photoshop_8bim functions.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Low
CVSS v2 Severity:4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P)
3.4 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.9 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): None
Availibility (A): Partial
Vulnerability Type:CWE-399
Vulnerability Consequences:Denial of Service
References:Source: MITRE
Type: CNA
CVE-2008-5314

Source: APPLE
Type: UNKNOWN
APPLE-SA-2009-02-12

Source: SUSE
Type: UNKNOWN
SUSE-SR:2008:028

Source: MLIST
Type: UNKNOWN
[clamav-announce] 20081126 announcing ClamAV 0.94.2

Source: OSVDB
Type: UNKNOWN
50363

Source: CCN
Type: SA32926
ClamAV "cli_check_jpeg_exploit()" Denial of Service Vulnerability

Source: SECUNIA
Type: UNKNOWN
32926

Source: SECUNIA
Type: UNKNOWN
32936

Source: SECUNIA
Type: UNKNOWN
33016

Source: SECUNIA
Type: UNKNOWN
33195

Source: SECUNIA
Type: UNKNOWN
33317

Source: CCN
Type: SA33937
Apple Mac OS X Security Update Fixes Multiple Vulnerabilities

Source: SECUNIA
Type: UNKNOWN
33937

Source: GENTOO
Type: UNKNOWN
GLSA-200812-21

Source: CCN
Type: SECTRACK ID: 1021296
Clam AntiVirus cli_check_jpeg_exploit() Recursive Loop Lets Remote Users Deny Service

Source: CCN
Type: SourceForge.net: Files
Clam AntiVirus, File Release Notes and Changelog, Release Name: 0.94.2

Source: CONFIRM
Type: UNKNOWN
http://sourceforge.net/project/shownotes.php?group_id=86638&release_id=643134

Source: CCN
Type: Apple Web site
About the security content of Security Update 2009-001

Source: CONFIRM
Type: UNKNOWN
http://support.apple.com/kb/HT3438

Source: CCN
Type: Clam AntiVirus Web site
Clam AntiVirus

Source: DEBIAN
Type: UNKNOWN
DSA-1680

Source: DEBIAN
Type: DSA-1680
clamav -- buffer overflow

Source: MANDRIVA
Type: UNKNOWN
MDVSA-2008:239

Source: MLIST
Type: UNKNOWN
[oss-security] 20081201 CVE request: clamav 0.94.2

Source: CCN
Type: OSVDB ID: 50363
ClamAV libclamav/special.c Multiple Function Crafted JPEG File Handling Overflow DoS

Source: BID
Type: UNKNOWN
32555

Source: CCN
Type: BID-32555
ClamAV 'cli_check_jpeg_exploit' Function Malformed JPEG File Remote Denial Of Service Vulnerability

Source: SECTRACK
Type: UNKNOWN
1021296

Source: CCN
Type: USN-684-1
ClamAV vulnerability

Source: UBUNTU
Type: UNKNOWN
USN-684-1

Source: VUPEN
Type: UNKNOWN
ADV-2008-3311

Source: VUPEN
Type: UNKNOWN
ADV-2009-0422

Source: XF
Type: UNKNOWN
clamav-special-dos(46985)

Source: XF
Type: UNKNOWN
clamav-special-dos(46985)

Source: EXPLOIT-DB
Type: UNKNOWN
7330

Source: SUSE
Type: SUSE-SR:2008:028
SUSE Security Summary Report

Source: CCN
Type: ClamAV Bugzilla Bug 1266
recursive stack overflow in jpeg parsing code

Source: CONFIRM
Type: Exploit
https://wwws.clamav.net/bugzilla/show_bug.cgi?id=1266

Vulnerable Configuration:Configuration 1:
  • cpe:/a:clam_anti-virus:clamav:0.70:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.71:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.72:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.73:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.74:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.75:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.75.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.80:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.80:rc:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.80:rc2:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.80:rc3:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.80:rc4:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.81:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.81:rc1:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.82:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.83:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.84:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.84:rc1:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.84:rc2:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.85:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.85.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.86:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.86:rc1:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.86.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.86.2:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.87:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.87.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.88:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.88.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.88.2:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.88.3:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.88.4:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.88.5:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.88.6:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.88.7:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90.2:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.90.3:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.91:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.91.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.91.2:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.92:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.92.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.93:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.93.1:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.93.3:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:0.94:*:*:*:*:*:*:*
  • OR cpe:/a:clam_anti-virus:clamav:*:*:*:*:*:*:*:* (Version <= 0.94.1)

  • Configuration CCN 1:
  • cpe:/a:clamav:clamav:0.83:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.87:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.84:rc2:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.91.2:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.92:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.91.1:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.92.1:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.90:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.90.1:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.91:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.70:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.71:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.72:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.73:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.74:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.75:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.75.1:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.80:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.80:rc2:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.80:rc3:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.80:rc4:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.81:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.81:rc1:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.82:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.84:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.84:rc1:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.85:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.85.1:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.86:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.86:rc1:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.86.1:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.86.2:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.87.1:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.88:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.88.1:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.88.3:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.88.4:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.88.5:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.88.6:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.88.7:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.88.2:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.90.3:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.93:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.80:rc:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.93.1:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.93.3:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.94:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.94.1:*:*:*:*:*:*:*
  • OR cpe:/a:clamav:clamav:0.90.2:*:*:*:*:*:*:*
  • AND
  • cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:4.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux_corporate_server:3.0:*:x86_64:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:x86-64:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:x86_64:*:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.4.11:*:*:*:*:*:*:*
  • OR cpe:/o:mandrakesoft:mandrake_linux:2008.1:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:*:*:*:*:*:*:*
  • OR cpe:/o:mandriva:linux:2009.0:-:x86_64:*:*:*:*:*
  • OR cpe:/o:apple:mac_os_x_server:10.5.6:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:20085314
    V
    CVE-2008-5314
    2017-09-27
    oval:org.mitre.oval:def:17947
    P
    USN-684-1 -- clamav vulnerability
    2014-06-30
    oval:org.mitre.oval:def:8113
    P
    DSA-1680 clamav -- buffer overflow, stack consumption
    2014-06-23
    oval:org.mitre.oval:def:18536
    P
    DSA-1680-1 clamav - potential code execution
    2014-06-23
    oval:org.debian:def:1680
    V
    buffer overflow, stack consumption
    2008-12-04
    BACK
    clam_anti-virus clamav 0.70
    clam_anti-virus clamav 0.71
    clam_anti-virus clamav 0.72
    clam_anti-virus clamav 0.73
    clam_anti-virus clamav 0.74
    clam_anti-virus clamav 0.75
    clam_anti-virus clamav 0.75.1
    clam_anti-virus clamav 0.80
    clam_anti-virus clamav 0.80 rc
    clam_anti-virus clamav 0.80 rc2
    clam_anti-virus clamav 0.80 rc3
    clam_anti-virus clamav 0.80 rc4
    clam_anti-virus clamav 0.81
    clam_anti-virus clamav 0.81 rc1
    clam_anti-virus clamav 0.82
    clam_anti-virus clamav 0.83
    clam_anti-virus clamav 0.84
    clam_anti-virus clamav 0.84 rc1
    clam_anti-virus clamav 0.84 rc2
    clam_anti-virus clamav 0.85
    clam_anti-virus clamav 0.85.1
    clam_anti-virus clamav 0.86
    clam_anti-virus clamav 0.86 rc1
    clam_anti-virus clamav 0.86.1
    clam_anti-virus clamav 0.86.2
    clam_anti-virus clamav 0.87
    clam_anti-virus clamav 0.87.1
    clam_anti-virus clamav 0.88
    clam_anti-virus clamav 0.88.1
    clam_anti-virus clamav 0.88.2
    clam_anti-virus clamav 0.88.3
    clam_anti-virus clamav 0.88.4
    clam_anti-virus clamav 0.88.5
    clam_anti-virus clamav 0.88.6
    clam_anti-virus clamav 0.88.7
    clam_anti-virus clamav 0.90
    clam_anti-virus clamav 0.90.1
    clam_anti-virus clamav 0.90.2
    clam_anti-virus clamav 0.90.3
    clam_anti-virus clamav 0.91
    clam_anti-virus clamav 0.91.1
    clam_anti-virus clamav 0.91.2
    clam_anti-virus clamav 0.92
    clam_anti-virus clamav 0.92.1
    clam_anti-virus clamav 0.93
    clam_anti-virus clamav 0.93.1
    clam_anti-virus clamav 0.93.3
    clam_anti-virus clamav 0.94
    clam_anti-virus clamav *
    clamav clamav 0.83
    clamav clamav 0.87
    clamav clamav 0.84 rc2
    clamav clamav 0.91.2
    clamav clamav 0.92
    clamav clamav 0.91.1
    clamav clamav 0.92.1
    clamav clamav 0.90
    clamav clamav 0.90.1
    clamav clamav 0.91
    clamav clamav 0.70
    clamav clamav 0.71
    clamav clamav 0.72
    clamav clamav 0.73
    clamav clamav 0.74
    clamav clamav 0.75
    clamav clamav 0.75.1
    clamav clamav 0.80
    clamav clamav 0.80 rc2
    clamav clamav 0.80 rc3
    clamav clamav 0.80 rc4
    clamav clamav 0.81
    clamav clamav 0.81 rc1
    clamav clamav 0.82
    clamav clamav 0.84
    clamav clamav 0.84 rc1
    clamav clamav 0.85
    clamav clamav 0.85.1
    clamav clamav 0.86
    clamav clamav 0.86 rc1
    clamav clamav 0.86.1
    clamav clamav 0.86.2
    clamav clamav 0.87.1
    clamav clamav 0.88
    clamav clamav 0.88.1
    clamav clamav 0.88.3
    clamav clamav 0.88.4
    clamav clamav 0.88.5
    clamav clamav 0.88.6
    clamav clamav 0.88.7
    clamav clamav 0.88.2
    clamav clamav 0.90.3
    clamav clamav 0.93
    clamav clamav 0.80 rc
    clamav clamav 0.93.1
    clamav clamav 0.93.3
    clamav clamav 0.94
    clamav clamav 0.94.1
    clamav clamav 0.90.2
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 4.0
    mandrakesoft mandrake linux corporate server 3.0
    mandrakesoft mandrake linux 2008.0
    debian debian linux 4.0
    mandrakesoft mandrake linux 2008.0
    mandrakesoft mandrake linux 2008.1 x86_64
    apple mac os x server 10.4.11
    mandrakesoft mandrake linux 2008.1
    mandriva linux 2009.0
    mandriva linux 2009.0 -
    apple mac os x server 10.5.6