Novell Home

CVE-2008-5050

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2008-5050 at MITRE

Description

Off-by-one error in the get_unicode_name function (libclamav/vba_extract.c) in Clam Anti-Virus (ClamAV) before 0.94.1 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted VBA project file, which triggers a heap-based buffer overflow.

NVD CVSS v2 Base Score: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)

Novell/SUSE information

Novell Bugzilla entry: 443311

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.0
  • clamav-debuginfo >= 0.94.1-2.1
  • clamav-debugsource >= 0.94.1-2.1
openSUSE 11.0
  • clamav >= 0.94.1-2.1
  • clamav-db >= 0.94.1-2.1
Open Enterprise Server
  • clamav >= 0.94.1-2.1
core9.s390x
core9.ppc
core9.s390
core9.ia64
sles9-oes.x86
sles9-nlpos.x86
core9.x86
YOU Patch Nr: 12292
SUSE Linux Enterprise SDK 10 SP2
  • clamav >= 0.94.1-2.1
sle10-sp2-sdk.ia64
sle10-sp2-sdk.ppc
sles10-sp2.s390x
sles10-sp2.ppc
sles10-sp2.x86-64
sled10-sp2.x86
sle10-sp2-sdk.x86
sles10-sp2.x86
sle10-sp2-sdk.x86-64
sled10-sp2.x86-64
sles10-sp2.ia64
sle10-sp2-sdk.s390x
ZYPP Patch Nr: 5769

© 2014 Novell