diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml index 8cd275a930f6..d752cf94099f 100644 --- a/security/vuxml/vuln.xml +++ b/security/vuxml/vuln.xml @@ -34,6 +34,49 @@ Note: Please add new entries to the beginning of this file. --> + + clamav -- Multiple Vulnerabilities + + + clamav + 0.93 + + + clamav-devel + 20080415 + + + + +

Secunia reports:

+
+

Some vulnerabilities have been reported in ClamAV, which can be + exploited by malicious people to cause a DoS (Denial of Service) + or to compromise a vulnerable system.

+

1) A boundary error exists within the "cli_scanpe()" function in + libclamav/pe.c. This can be exploited to cause a heap-based buffer + overflow via a specially crafted "Upack" executable.

+

Successful exploitation allows execution of arbitrary code.

+

2) A boundary error within the processing of PeSpin packed + executables in libclamav/spin.c can be exploited to cause a + heap-based buffer overflow.

+

Successful exploitation may allow execution of arbitrary code.

+

3) An unspecified error in the processing of ARJ files can be + exploited to hang ClamAV.

+
+ + + + CVE-2008-1100 + CVE-2008-1387 + http://secunia.com/advisories/29000 + + + 2008-04-15 + 2008-04-15 + + + lighttpd -- OpenSSL Error Queue Denial of Service Vulnerability