Launchpad CVE tracker

CVE 2008-5050

Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.

Related bugs and status

CVE-2008-5050 (Candidate) is related to these bugs:

Bug #296704: ClamAV 0.94.1 fixes security problem

		In	Importance	Status
296704	ClamAV 0.94.1 fixes security problem	clamav (Ubuntu)	Medium	Fix Released
296704	ClamAV 0.94.1 fixes security problem	clamav (Ubuntu Dapper)	Medium	Fix Released
296704	ClamAV 0.94.1 fixes security problem	clamav (Ubuntu Gutsy)	Medium	Fix Released
296704	ClamAV 0.94.1 fixes security problem	clamav (Ubuntu Hardy)	Medium	Fix Released
296704	ClamAV 0.94.1 fixes security problem	clamav (Ubuntu Intrepid)	Medium	Fix Released

Bug #298637: CVE-2008-5050: heap overflow vulnerability in the code responsible for parsing VBA project files

		In	Importance	Status
298637	CVE-2008-5050: heap overflow vulnerability in the code responsible for parsing VBA project files	clamav (Ubuntu)	Undecided	New
298637	CVE-2008-5050: heap overflow vulnerability in the code responsible for parsing VBA project files	Debian	Unknown	Unknown
298637	CVE-2008-5050: heap overflow vulnerability in the code responsible for parsing VBA project files	clamav (Fedora)	Unknown	Confirmed
298637	CVE-2008-5050: heap overflow vulnerability in the code responsible for parsing VBA project files	clamav (Gentoo Linux)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-5050

References